CVE-2008-4253
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
El control ActiveX FlexGrid en Microsoft Visual Basic v6.0, Visual FoxPro v8.0 SP1 y v9.0 SP1 y SP2, Office FrontPage 2002 SP3, y Office Project 2003 SP3, no maneja adecuadamente los errores durante el acceso a objetos incorrectamente inicializados, lo que permite a atacantes remotos ejecutar código de su elección mediante un documento HTML manipulado, relacionado con la corrupción del "system state", alias "Vulnerabilidad de Corrupción de Memoria en el Control FlexGrid".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-09-25 CVE Reserved
- 2008-12-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm | X_refsource_confirm | |
http://www.securityfocus.com/bid/32592 | Vdb Entry | |
http://www.securitytracker.com/id?1021369 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA08-344A.html | Third Party Advisory | |
http://www.vupen.com/english/advisories/2008/3382 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5994 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 | 2018-10-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Office Frontpage Search vendor "Microsoft" for product "Office Frontpage" | 2002 Search vendor "Microsoft" for product "Office Frontpage" and version "2002" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2003 Search vendor "Microsoft" for product "Project" and version "2003" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.0 Search vendor "Microsoft" for product "Visual Basic" and version "6.0" | runtime_extended_files |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 8.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "8.0" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2002 Search vendor "Microsoft" for product "Visual Studio .net" and version "2002" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2003 Search vendor "Microsoft" for product "Visual Studio .net" and version "2003" | sp1 |
Affected
|