CERT Coordination Center


Microsoft Visual Studio VB-TSQL debugger object vbsdicli.exe contains buffer overflow via NewSPID method

Vulnerability Note VU#266032

Original Release Date: 2001-05-03 | Last Revised: 2001-08-10

Overview

A vulnerability in an object included with Visual Studio 6.0 Enterprise Edition may allow an attacker to execute code with the privileges of an interactively logged-in user.

Description

The VB-TSQL debugger object included in Visual Studio 6.0 Enterprise Edition contains a buffer overflow that could allow an intruder to execute code with the privileges of an interactively logged-in user. More information on this problem is available from Microsoft at:

http://www.microsoft.com/technet/security/bulletin/MS01-018.asp

Impact

An attacker can execute code with the privileges of an interactively logged-in victim.

Solution

Apply the patch described in http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp.

Vendor Information

Microsoft

Updated:  May 03, 2001

Status

  Vulnerable

Vendor Statement

See the Microsoft security bulletin available at http://www.microsoft.com/technet/security/bulletin/MS01-018.asp.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group          Score   Vector
Base           N/A     N/A
Temporal       N/A     N/A
Environmental  N/A

Credit

Our thanks to Microsoft for the information contained in their bulletin.

This document was written by Shawn V. Hernan.

Other Information

CVE IDs: CVE-2001-0153
Severity Metric: 11.81
Date Public: 2001-03-27
Date First Published: 2001-05-03
Date Last Updated: 2001-08-10 17:34 UTC
Document Revision: 6

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.