Microsoft Visual Studio and Microsoft Visual C++ denial of service
| ms-visual-dos (15591) |  Low Risk |
Description:
Microsoft Visual Studio, Enterprise Edition, Professional Edition, and Microsoft Visual C++ are vulnerable to a denial of service attack. When Internet Server Application Programming Interface (ISAPI) extensions built with Microsoft Foundation Classes (MFC) process POST requests, invalid arguments may be created, causing access violations. A remote attacker could exploit this vulnerability to cause the applications running Visual Studio or Visual C++ to crash.
Platforms Affected:
- Microsoft, Visual C++ 6.0
- Microsoft, Visual Studio 6.0 Professional
- Microsoft, Visual Studio 6.0 Enterprise
Remedy:
Upgrade to the latest version of Visual Studio (version 6.0 Service Pack 6 or later), available from the MSDN Web site. See References.
Note: Affected ISAPI extensions need to be recompiled after the service pack has been applied.
Consequences:
Denial of Service
References:
- MSDN Web site, Service Packs at http://msdn.microsoft.com/vstudio/downloads/updates/sp/.
- BID-9963: Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability
Reported:
Mar 24, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net