Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability

TITLE: Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 23 2007 12:00AM
UPDATE: May 24 2007 07:21PM
CREDIT: Dr.Pantagon is credited with the discovery of this issue.
VULNERABLE:

Microsoft Visual Database Tools Database Designer 7.0
NOT VULNERABLE:

Go to the original page on Security Focus

Discussion

Microsoft Visual Database Tools Database Designer ActiveX Control is prone to a denial-of-service vulnerability because the application fails to handle overly long user-supplied strings.

Attackers can exploit this issue to crash Internet Explorer or other applications that use the vulnerable ActiveX control, resulting in denial-of-service conditions.

NOTE: Given the nature of this issue, attackers may be able to execute remote code, but this has not been confirmed.

Exploit

To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.

The following exploit code is available:

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
