Overview
A vulnerability in an object included with Visual Studio 6.0 Enterprise Edition may allow an attacker to execute code with the privileges of an interactively logged in user.
Description
The VB-TSQL debugger object included in Visual Studio 6.0 Enterprise Edition contains a buffer overflow that could allow an intruder to execute code with the privileges of an interactively logged in user. More information on this problem is available from Microsoft at http://www.microsoft.com/technet/security/bulletin/MS01-018.asp |
Impact
An attacker can execute code with the privileges of an interactively logged-in victim. |
Solution
Apply the patch described in http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Our thanks to Microsoft for the information contained in their bulletin.
This document was written by Shawn V. Hernan
Other Information
| CVE IDs: | CVE-2001-0153 |
| Severity Metric: | 11.81 |
| Date Public: | 2001-03-27 |
| Date First Published: | 2001-05-03 |
| Date Last Updated: | 2001-08-10 17:34 UTC |
| Document Revision: | 6 |