CVSS: 9.3EPSS: 96%CPEs: 10EXPL: 2CVE-2008-4255 – Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-4255
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." Un desbordamiento de búfer en la región heap de la memoria en el archivo mscomct2.ocx (también se conoce como control ActiveX de Windows Common o control ActiveX de Microsoft Animation) en Visual Basic versión 6.0, Visual Studio .NET 2002 SP1 y 2003 SP1, Visual FoxPro versiones 8.0 SP1 y 9.0 SP1 y SP2, y Office Project 2003 SP3 y 2007 Gold y SP1, de Microsoft, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo AVI con una longitud de secuencia diseñada, lo que desencadena un "allocation error" y corrupción de memoria, también se conoce como "Windows Common AVI Parsing Overflow Vulnerability." This vulnerability allows remote attackers to execute arbitrary code through vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Microsoft Animation ActiveX control MSCOMCT2.OCX. When parsing a malformed AVI file through this control an exploitable heap corruption can occur. • https://www.exploit-db.com/exploits/7431 http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm http://www.securityfocus.com/archive/1/499061/100/0/threaded http://www.securityfocus.com/bid/32613 http://www.securitytracker.com/id?1021369 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/3382 http://www.zerodayinitiative.com/advisories/ZDI-08-083 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 4CVE-2008-3704 – Microsoft Visual Studio - 'Msmask32.ocx' ActiveX Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-3704
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." Un desbordamiento de búfer en la región heap de la memoria en el control ActiveX de MaskedEdit en msmask32.ocx versión 6.0.81.69, y posiblemente en otras versiones anteriores a 6.0.84.18, en Visual Studio versión 6.0, Visual Basic versión 6.0, Visual Studio .NET 2002 SP1 y 2003 SP1, y Visual FoxPro versiones 8.0 SP1 y 9.0 SP1 y SP2, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un parámetro Mask largo, relacionado con la no "validating property values with boundary checks", como se explotó “in the wild” en Agosto de 2008, también se conoce como "Masked Edit Control Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/6244 https://www.exploit-db.com/exploits/6317 https://www.exploit-db.com/exploits/16507 http://secunia.com/advisories/31498 http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm http://www.securityfocus.com/bid/30674 http://www.securitytracker.com/id?1020710 http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.vupen.com/english/advisories/2008/2380 http://www.vupen.com/english/advisories/2008/3382 https://do • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 1EXPL: 2CVE-2008-2959 – Visual Basic Enterprise Edition SP6 - 'vb6skit.dll' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2959
Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function. Desbordamiento de búfer en un determinado control ActiveX (vb6skit.dll) de Microsoft Visual Basic Enterprise Edition 6.0 SP6 puede permitir a atacantes remotos ejecutar código de su elección a través de un argumento lpstrLinkPath largo de la función fCreateShellLink. • https://www.exploit-db.com/exploits/5851 http://www.securityfocus.com/bid/29792 https://exchange.xforce.ibmcloud.com/vulnerabilities/43180 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 58%CPEs: 7EXPL: 0CVE-2007-0065
https://notcve.org/view.php?id=CVE-2007-0065
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. Búfer overflow basado en montículo en el objeto OLE (Object Linking and Embedding)Automation en Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, Vista, Office 2004 para Mac, y Visual basic 6.0 SP6, permite a atacantes remotos ejecutar código de su elección a través de una petición de secuencia de comandos manipulada. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28902 http://www.securityfocus.com/bid/27661 http://www.securitytracker.com/id?1019373 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0510/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5388 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 51%CPEs: 1EXPL: 2CVE-2008-0392 – Microsoft Visual Basic Enterprise 6 SP6 - '.dsr' File Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0392
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. Múltiples desbordamientos de búfer en Microsoft Visual Basic Enterprise Edition 6.0 SP6 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través del código de un archivo .dsr con una línea de longitud (1) ConnectionName o (2) CommandName. • https://www.exploit-db.com/exploits/4938 http://secunia.com/advisories/28563 http://www.securityfocus.com/bid/27349 http://www.securitytracker.com/id?1019258 http://www.vupen.com/english/advisories/2008/0195 https://exchange.xforce.ibmcloud.com/vulnerabilities/39773 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •