Vulnerability Note VU#266032

Microsoft Visual Studio VB-TSQL debugger object vbsdicli.exe contains buffer overflow via NewSPID method

Original Release date: 03 May 2001 | Last revised: 10 Aug 2001

Overview

A vulnerability in an object included with Visual Studio 6.0 Enterprise Edition may allow an attacker to execute code with the privileges of an interactively logged in user.

Description

The VB-TSQL debugger object included in Visual Studio 6.0 Enterprise Edition contains a buffer overflow that could allow an intruder to execute code with the privileges of an interactively logged in user. More information on this problem is available from Microsoft at

http://www.microsoft.com/technet/security/bulletin/MS01-018.asp

Impact

An attacker can execute code with the privileges of an interactively logged-in victim.

Solution

Apply the patch described in http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
MicrosoftAffected-03 May 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Our thanks to Microsoft for the information contained in their bulletin.

This document was written by Shawn V. Hernan

Other Information

  • CVE IDs: CAN-2001-0153
  • Date Public: 27 Mar 2001
  • Date First Published: 03 May 2001
  • Date Last Updated: 10 Aug 2001
  • Severity Metric: 11.81
  • Document Revision: 6

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.