|
 |
|
Microsoft Visual C++ Constructed ISAPI Extensions Denial of Service
|
|
|
|
|
Secunia Advisory:
|
SA11199
|
|
|
Release Date:
|
2004-03-24
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Visual C++ 6.x
Microsoft Visual Studio 6 Enterprise
Microsoft Visual Studio 6 Professional
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in Microsoft Visual C++, which potentially can be exploited by malicious people to cause a DoS (Denial-of-Service) on certain applications.
ISAPI (Internet Server Application Programming Interface) extensions built with the MFC (Microsoft Foundation Classes) static library may be vulnerable to DoS attacks.
The problem is that the MFC ISAPI code may produce invalid arguments under heavy load when processing data from POST requests. This may cause access violations.
The following products are affected:
* Microsoft Visual Studio 6.0
* Microsoft Visual C++ 6.0
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
The vulnerability has been fixed in Visual Studio 6.0 Service Pack 6, which will be available at:
http://msdn.microsoft.com/vstudio/sp/default.asp
Recompile affected ISAPI extensions after the Service Pack has been installed.
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
6 Related Secunia Security Advisories
|
|
|
1. Microsoft Visual Studio Masked Edit Control "Mask" Buffer Overflow
|
|
2. Microsoft Visual Studio PDWizard.ocx ActiveX Controls Insecure Methods
|
|
3. Microsoft Visual Studio ".rc" File Handling Buffer Overflow
|
|
4. Microsoft Visual Studio ".dbp" File Handling Buffer Overflow
|
|
5. Microsoft Visual Studio User Control Load Event Vulnerability
|
|
6. Microsoft MCIWNDX.OCX ActiveX Plugin Buffer Overflow
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
