Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Microsoft Visual C++ Constructed ISAPI Extensions Denial of Service

by Marianna Schmudlach Mar 24, 2004 12:32AM PST

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Microsoft Visual Studio 6 Professional
Microsoft Visual C++ 6.x
Microsoft Visual Studio 6 Enterprise

DESCRIPTION:
A vulnerability has been reported in Microsoft Visual C++, which
potentially can be exploited by malicious people to cause a DoS
(Denial-of-Service) on certain applications.

ISAPI (Internet Server Application Programming Interface) extensions
built with the MFC (Microsoft Foundation Classes) static library may
be vulnerable to DoS attacks.

The problem is that the MFC ISAPI code may produce invalid arguments
under heavy load when processing data from POST requests. This may
cause access violations.

The following products are affected:
* Microsoft Visual Studio 6.0
* Microsoft Visual C++ 6.0

SOLUTION:
The vulnerability has been fixed in Visual Studio 6.0 Service Pack 6,
which will be available at:
http://msdn.microsoft.com/vstudio/sp/default.asp

http://secunia.com/advisories/11199/

Discussion is locked

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info