BID:25629

Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability

Info

Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability

Bugtraq ID:	25629
Class:	Boundary Condition Error
CVE:	CVE-2007-4776
Remote:	Yes
Local:	No
Published:	Sep 04 2007 12:00AM
Updated:	Oct 29 2007 05:46PM
Credit:	Koshi is credited with the discovery of this vulnerability.
Vulnerable:	Microsoft Visual Basic 6.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0

Not Vulnerable:

Discussion

Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability

Microsoft Visual Basic 6.0 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Exploit / POC

Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability

A commercial exploit for CORE IMPACT v7 is available.

The following exploits are available:

/data/vulnerabilities/exploits/msvbp_exp.pl
/data/vulnerabilities/exploits/25629.py

Solution / Fix

Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

References

Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability

References:

Visual Basic Homepage (Microsoft)