Visual Studio Remote Code Execution exploit from Team priestmasters

* Is it a critical bug?

I think it is a critical bug, because in combination with social
engineering it is very easy to trick an employee of a software
company to take a deeper look on a VS project from a counterpart.

* How this bug works

If a UserControl is added on a Windows Formular, VS launch the code
inside UserControl_Load function automatically if you show the main
form where the UserControl is located.

* How can I test for the vulnerabillity

- Open vbexploit.sln file
- Click on Form1.cs

If you see a Message Box and calc is launched you are vulnerable to
Visual Studio remote Code execution.


* How can I exploit this bug

If a user click on the solution file (vbexploit.sln) and the form1.cs
formular is showed VS launch the code inside UserControl1_Load function.
Place your backdoor into this function (You can use the whole WIN-API and
.NET framework to code your backdoor:-). The default behaivor for the example
file is show a Message Box and launch calc.exe.


greets,

priestmaster

URL:   http://www.priestmaster.org
Email: priest@priestmaster.org