CVE-2007-4890

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio 6.0

Description: The issue allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. It is also possible to copy contents from local files via the Load method.

Recommendations: For Microsoft Visual Studio 6.0, consider restricting access to the SaveAs method and the Load method in the VB To VSI Support Library until a fix is available. As a temporary workaround, avoid using the SaveAs method with full pathnames and be cautious when using the Load method to prevent copying contents from unauthorized local files.