CVE-2008-4252
Severity Score
8.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
El control ActiveX DataGrid de Microsoft Visual Basic 6.0 y Visual FoxPro 8.0 SP1, y 9.0 SP1 y SP2, no maneja adecuadamente los errores en el acceso a objetos no iniciados correctamente, esto permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado; está relacionado con la corrupción del "estado del sistema". También se como "Vulnerabilidad de Corrupción en el Control de Memoria DataGrid".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-09-25 CVE Reserved
- 2008-12-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm | X_refsource_confirm | |
| http://www.securityfocus.com/bid/32591 | Vdb Entry | |
| http://www.securitytracker.com/id?1021369 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-344A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/3382 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Frontpage Search vendor "Microsoft" for product "Office Frontpage" | 2002 Search vendor "Microsoft" for product "Office Frontpage" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2003 Search vendor "Microsoft" for product "Project" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.0 Search vendor "Microsoft" for product "Visual Basic" and version "6.0" | runtime_extended_files |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 8.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "8.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2002 Search vendor "Microsoft" for product "Visual Studio .net" and version "2002" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2003 Search vendor "Microsoft" for product "Visual Studio .net" and version "2003" | sp1 |
Affected
| ||||||