C Runtime Denial of Service Fix

Issue Description

Visual Studio 6.0 and Visual C++ 6.0 contain the Microsoft C runtime. This runtime file contains a flaw that could cause a buffer overrun. Unlike most buffer overruns, an attacker could not choose the data with which the buffer would be overrun. Instead, the buffer would always be overrun with the same values, regardless of the attacker's inputs. As a result, this vulnerability could be used only for a denial of service attack.

Because the C runtime is important to the operating system and most client software, it is recommended that this fix be applied directly to a server and not distributed with any applications that need the C runtime. The fix will appear in the next service pack for Visual Studio and Visual C++.

Symptoms

A server application such as the Microsoft SQL Server service could be made to fail silently without warning.

More Information

For additional information, please see Microsoft Security Bulletin MS01-060.

Solution

Select the server version and language to download this update file. It will update the C runtime and eliminate this security problem. For Microsoft Windows® XP.