Vulnerability Note VU#266032

Microsoft Visual Studio VB-TSQL debugger object vbsdicli.exe contains buffer overflow via NewSPID method

Overview

A vulnerability in an object included with Visual Studio 6.0 Enterprise Edition may allow an attacker to execute code with the privileges of an interactively logged in user.

I. Description

The VB-TSQL debugger object included in Visual Studio 6.0 Enterprise Edition contains a buffer overflow that could allow an intruder to execute code with the privileges of an interactively logged in user. More information on this problem is available from Microsoft at

http://www.microsoft.com/technet/security/bulletin/MS01-018.asp

II. Impact

An attacker can execute code with the privileges of an interactively logged-in victim.

III. Solution

Apply the patch described in http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft	Vulnerable	3-May-2001

References

http://www.microsoft.com/technet/security/bulletin/MS01-018.asp
http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp
http://www.securityfocus.com/bid/2521

Credit

Our thanks to Microsoft for the information contained in their bulletin.

This document was written by Shawn V. Hernan

Other Information

Date Public:	2001-03-27
Date First Published:	2001-05-03
Date Last Updated:	2001-08-10
CERT Advisory:
CVE-ID(s):	CAN-2001-0153
NVD-ID(s):	CAN-2001-0153
US-CERT Technical Alerts:
Severity Metric:	11.81
Document Revision:	6

If you have feedback, comments, or additional information about this vulnerability, please send us email.