Security vulnerability in Visual Studio ActiveX
An ActiveX control in Microsoft's Visual Studio 6 development environment, the Visual Database Tools Database Designer in the VDT70.DLL library, contains a buffer overflow which attackers can exploit remotely using crafted web pages. This can be used to inject malicious code which runs with the privileges of the current user.
A demo exploit published on the milw0rm.com exploit list demonstrates the vulnerability with Internet Explorer 6 running under Windows XP SP2. The demo exploit loads the MSVDTDatabaseDesigner7 ActiveX control with ClassID {03cb9467-fd9d-42a8-82f9-8615b4223e6e} and calls the vulnerable NotSafe function with prepared arguments.
Security experts initially classified the bug as a denial of service vulnerability. This new exploit, however, requires the categorisation to be revised. Microsoft have not yet released a patch. Affected users should therefore either set the kill bit for the ActiveX control by following these instructions from Microsoft or deactivate ActiveX completely for the internet zone and permit it for trusted sites only.
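The kill bit mitigation mentioned above, as an added example that is not part of the original article or of Microsoft's instructions: the kill bit is the 0x400 bit of the `Compatibility Flags` DWORD stored under the control's ClassID in Internet Explorer's `ActiveX Compatibility` registry key. The script reports the current state for the ClassID named in the article and sets the bit only when run with `-Apply`; the helper name `Get-CompatFlags` and the `-Apply` switch are hypothetical, and Windows PowerShell 3.0 or later with an elevated prompt is assumed.

```powershell
# Added example: audit, and optionally set, the kill bit for the control in the article.
# Assumes Windows PowerShell 3.0+ and, for -Apply, an elevated prompt (HKLM is written).
param([switch]$Apply)

$Clsid   = '{03cb9467-fd9d-42a8-82f9-8615b4223e6e}'  # ClassID given in the article
$KillBit = 0x400                                      # kill bit within "Compatibility Flags"
$Name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view that 32-bit Internet Explorer
# reads on 64-bit Windows. Views that do not exist on this machine are skipped.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath (Split-Path $_ -Parent) }

# Hypothetical helper: returns the current flags, or 0 when the value is absent.
function Get-CompatFlags([string]$Key) {
    $p = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { 0 } else { $p.$Name }
}

foreach ($root in $Roots) {
    $key    = Join-Path $root $Clsid
    $before = Get-CompatFlags $key
    $wanted = $before -bor $KillBit   # keep any other flag bits already present

    if ($Apply -and $wanted -ne $before) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord `
            -Value $wanted -Force | Out-Null
    }

    # Re-read from the registry so the report reflects what is actually stored.
    $now = Get-CompatFlags $key
    [pscustomobject]@{
        Key         = $key
        FlagsBefore = '0x{0:X}' -f $before
        FlagsNow    = '0x{0:X}' -f $now
        KillBitSet  = (($now -band $KillBit) -ne 0)
    }
}
```

Running it without `-Apply` changes nothing and shows whether each registry view already blocks the control; a row with `KillBitSet` false after `-Apply` means the write did not take effect, typically because the prompt was not elevated.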
- VDT70.DLL Stack Overflow Exploit, demo exploit on milw0rm
- CVE-2007-2885, entry in the Common Vulnerabilities and Exposures database
(mba)