CVE-2008-4252
HP Security Bulletin 2008-01.83
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
El control ActiveX DataGrid de Microsoft Visual Basic 6.0 y Visual FoxPro 8.0 SP1, y 9.0 SP1 y SP2, no maneja adecuadamente los errores en el acceso a objetos no iniciados correctamente, esto permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado; está relacionado con la corrupción del "estado del sistema". También se como "Vulnerabilidad de Corrupción en el Control de Memoria DataGrid".
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-09-25 CVE Reserved
- 2008-12-10 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm | X_refsource_confirm | |
| http://www.securityfocus.com/bid/32591 | Vdb Entry | |
| http://www.securitytracker.com/id?1021369 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-344A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/3382 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Frontpage Search vendor "Microsoft" for product "Office Frontpage" | 2002 Search vendor "Microsoft" for product "Office Frontpage" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2003 Search vendor "Microsoft" for product "Project" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.0 Search vendor "Microsoft" for product "Visual Basic" and version "6.0" | runtime_extended_files |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 8.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "8.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2002 Search vendor "Microsoft" for product "Visual Studio .net" and version "2002" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2003 Search vendor "Microsoft" for product "Visual Studio .net" and version "2003" | sp1 |
Affected
| ||||||