Microchip MPLAB IDE Buffer Overflow Vulnerability
1. General Information
MPLAB IDE is a famous Integrated Development Environment (IDE) of
Microchip (www.microchip.com) that provides a single integrated
environment to develop applications for Microchip microcontrollers and
digital signal controllers.
In March 2009, Bkis has just detected a vulnerability in this software.
This vulnerability arises from the way MPLAB IDE processes IDE Project
files with extension of .mcp. It could lead to a critical buffer
overflow error that allows hackers to execute malicious code on users=92
systems. We have submitted to vendor.
Details : http://security.bkis.vn/?p=654
Bkis Advisory : Bkis-08-2009.
Initial vendor notification : 15/03/2009
Release Date : 11/05/2009
Update Date : 11/05/2009
Discovered by : Le Duc Anh, Bkis.
Attack Type : Buffer Overflow.
Security Rating : High.
Impact : Code Execution.
Affected Software : Microchip MPLAB IDE 8.30 (Prior versions may also be
PoC : http://security.bkis.vn/wp-content/uploads/2009/05/mplap_ide_poc.zip
2. Technical Description
MCP files are used to store essential information about a MPLAB IDE
Project (in plain text). The software has not handled the file format
well enough resulting in a critical security issue. Many fields in this
file format might create buffer overflow error when set with an overly
long value such as: [FILE_INFO], [CAT_FILTERS] =85.
In order to exploit, a hacker might create a specially crafted .mcp file
and trick users into using it. If successful, hackers can perform local
attack, inject viruses, steal sensitive information and even take
control of the victim=92s system.
The vendor hasn=92t fixed this vulnerability yet. Therefore, Bkis
recommends that users be cautious with MPLAB IDE Project source from
untrustworthy sources until the vendor release the patch.