CVE-2008-2959

Name of the Vulnerable Software and Affected Versions Microsoft Visual Basic Enterprise Edition 6.0 SP6

Description A buffer overflow issue exists in a certain ActiveX control (vb6skit.dll) that might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.

Recommendations For Microsoft Visual Basic Enterprise Edition 6.0 SP6, consider restricting access to the vulnerable ActiveX control vb6skit.dll to minimize the risk of exploitation. As a temporary workaround, avoid using the fCreateShellLink function with long lpstrLinkPath arguments until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.