Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability
BID:9963
Info
Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability
| Bugtraq ID: | 9963 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2004 12:00AM |
| Updated: | Mar 24 2004 12:00AM |
| Credit: | This issue was publicized in a Secunia advisory. |
| Vulnerable: |
Microsoft Visual Studio 6.0 SP5 Microsoft Visual Studio 6.0 SP4 Microsoft Visual Studio 6.0 SP3 Microsoft Visual Studio 6.0 SP2 Microsoft Visual Studio 6.0 SP1 Microsoft Visual Studio 6.0 Microsoft Visual C++ 6.0 SP5 Microsoft Visual C++ 6.0 SP4 Microsoft Visual C++ 6.0 SP3 Microsoft Visual C++ 6.0 SP2 Microsoft Visual C++ 6.0 SP1 Microsoft Visual C++ 6.0 |
| Not Vulnerable: | |
Discussion
Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability
It has been reported that ISAPI (Internet Server Application Programming Interface) extensions that are built using the MFC (Microsoft Foundation Classes) static library in Microsoft Visual C++ are prone to a denial of service vulnerability. This could occur during POST requests when the ISAPI extension is under heavy load.
Microsoft Visual C++ is included in Microsoft Visual Studio. This reportedly affects Microsoft Visual C++/Studio 6.
It has been reported that ISAPI (Internet Server Application Programming Interface) extensions that are built using the MFC (Microsoft Foundation Classes) static library in Microsoft Visual C++ are prone to a denial of service vulnerability. This could occur during POST requests when the ISAPI extension is under heavy load.
Microsoft Visual C++ is included in Microsoft Visual Studio. This reportedly affects Microsoft Visual C++/Studio 6.
Exploit / POC
Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability
Solution:
This issue will reportedly be addressed with the release of Microsoft Visual Studio 6 Service Pack 6, which will be listed at the following page when it is released:
http://msdn.microsoft.com/vstudio/downloads/updates/sp/
This Service Pack is not available at the time of writing. Symantec has also not confirmed whether or not this release will indeed address this issue. If this release does address the issue, it should be noted that ISAPI extensions based on prior versions of MFC will likely need to be recompiled with the updated static libraries.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
This issue will reportedly be addressed with the release of Microsoft Visual Studio 6 Service Pack 6, which will be listed at the following page when it is released:
http://msdn.microsoft.com/vstudio/downloads/updates/sp/
This Service Pack is not available at the time of writing. Symantec has also not confirmed whether or not this release will indeed address this issue. If this release does address the issue, it should be noted that ISAPI extensions based on prior versions of MFC will likely need to be recompiled with the updated static libraries.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability
References:
References: