Microsoft Visual Basic VBP file buffer overflow

2007-10-05T00:00:00
ID SAINT:ECA1D8F0292691B17872EC297EAF5710
Type saint
Reporter SAINT Corporation
Modified 2007-10-05T00:00:00

Description

Added: 10/05/2007
CVE: CVE-2007-4776
BID: 25629
OSVDB: 36936

Background

Microsoft Visual Basic is a development tool for building Windows applications.

Problem

A buffer overflow vulnerability in Microsoft Visual Basic allows command execution when a user opens a specially crafted Visual Basic Project (VBP) file.

Resolution

Do not open untrusted VBP files.

References

<http://secunia.com/advisories/26704>

Limitations

Exploit works on Microsoft Visual Basic 6.0 on Windows 2000 and XP and requires a user to download and open the exploit file.

Platforms

Windows