Lucene search

SAINT CorporationSAINT:20B7439F3D1B70C966D1B66F683A064E

HistoryMar 07, 2006 - 12:00 a.m.

Microsoft Visual Studio .dbp and .sln buffer overflow

2006-03-0700:00:00

SAINT Corporation

download.saintcorporation.com

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.966

Percentile

99.6%

JSON

Added: 03/07/2006
CVE: CVE-2006-1043
BID: 16953
OSVDB: 23711

Background

Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.

Problem

A buffer overflow vulnerability leads to command execution when a specially crafted Database Project (**.dbp**) or Solution (**.sln**) file is opened in Visual Studio.

Resolution

Upgrade to Visual Studio 2005.

References

<http://www.securityfocus.com/archive/1/426767>

Limitations

Exploit requires a user to download a file and open it in Visual Studio. Exploit works on Visual Studio 6.0 SP6.

Platforms

Windows 2000
Windows 2000 SP4
Windows XP

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.966

Percentile

99.6%

JSON

Related for SAINT:20B7439F3D1B70C966D1B66F683A064E