CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#266032

Microsoft Visual Studio VB-TSQL debugger object vbsdicli.exe contains buffer overflow via NewSPID method

Overview

A vulnerability in an object included with Visual Studio 6.0 Enterprise Edition may allow an attacker to execute code with the privileges of an interactively logged in user.

I. Description

The VB-TSQL debugger object included in Visual Studio 6.0 Enterprise Edition contains a buffer overflow that could allow an intruder to execute code with the privileges of an interactively logged in user. More information on this problem is available from Microsoft at

http://www.microsoft.com/technet/security/bulletin/MS01-018.asp

II. Impact

An attacker can execute code with the privileges of an interactively logged-in victim.

III. Solution

Apply the patch described in http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp.

Systems Affected

VendorStatusDate Updated
MicrosoftVulnerable3-May-2001

References


http://www.microsoft.com/technet/security/bulletin/MS01-018.asp
http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp
http://www.securityfocus.com/bid/2521

Credit

Our thanks to Microsoft for the information contained in their bulletin.

This document was written by Shawn V. Hernan

Other Information

Date Public03/27/2001
Date First Published05/03/2001 12:15:43 AM
Date Last Updated08/10/2001
CERT Advisory 
CVE NameCAN-2001-0153
Metric11.81
Document Revision6

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2001 Carnegie Mellon University