Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.
ActiveX controls contained in the
**PDWizard.ocx** file in Microsoft Visual Studio 6.0 expose the
**StartProcess** method and other dangerous methods which could allow arbitrary command execution when a user loads a specially crafted web page.
Set the kill bit for Class ID 0DDF3C0B-E692-11D1-AB06-00AA00BDD685 as described in Microsoft Knowledge Base Article 240797.
Exploit works on Microsoft Visual Basic 6.0 on Windows 2000 and Windows XP.
Since this exploit uses TFTP, the SAINTexploit host must be able to bind to port 69/UDP.
Exploit requires the PERL threads module to be installed on the SAINTexploit host.