BID:24128

Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability

Info

Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability

Bugtraq ID:	24128
Class:	Boundary Condition Error
CVE:	CVE-2007-2884
Remote:	Yes
Local:	No
Published:	May 23 2007 12:00AM
Updated:	May 07 2015 05:37PM
Credit:	UmZ (Umair Manzoor) is credited with the discovery of this vulnerability.
Vulnerable:	Microsoft Visual Basic 6.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0

Not Vulnerable:

Discussion

Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability

Microsoft Visual Basic 6.0 is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Exploit / POC

Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability

The following proof of concept is available.

/data/vulnerabilities/exploits/msvbpd_poc.pl

Solution / Fix

Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability

References:

Visual Basic Homepage (Microsoft)