// For flags

CVE-2008-4253

 

Severity Score

8.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."

El control ActiveX FlexGrid en Microsoft Visual Basic v6.0, Visual FoxPro v8.0 SP1 y v9.0 SP1 y SP2, Office FrontPage 2002 SP3, y Office Project 2003 SP3, no maneja adecuadamente los errores durante el acceso a objetos incorrectamente inicializados, lo que permite a atacantes remotos ejecutar código de su elección mediante un documento HTML manipulado, relacionado con la corrupción del "system state", alias "Vulnerabilidad de Corrupción de Memoria en el Control FlexGrid".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-09-25 CVE Reserved
  • 2008-12-10 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Office Frontpage
Search vendor "Microsoft" for product "Office Frontpage"
 2002
Search vendor "Microsoft" for product "Office Frontpage" and version "2002"
sp3
Affected
Microsoft
Search vendor "Microsoft"
 Project
Search vendor "Microsoft" for product "Project"
 2003
Search vendor "Microsoft" for product "Project" and version "2003"
sp3
Affected
Microsoft
Search vendor "Microsoft"
 Project
Search vendor "Microsoft" for product "Project"
 2007
Search vendor "Microsoft" for product "Project" and version "2007"
-
Affected
Microsoft
Search vendor "Microsoft"
 Project
Search vendor "Microsoft" for product "Project"
 2007
Search vendor "Microsoft" for product "Project" and version "2007"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Visual Basic
Search vendor "Microsoft" for product "Visual Basic"
 6.0
Search vendor "Microsoft" for product "Visual Basic" and version "6.0"
runtime_extended_files
Affected
Microsoft
Search vendor "Microsoft"
 Visual Foxpro
Search vendor "Microsoft" for product "Visual Foxpro"
 8.0
Search vendor "Microsoft" for product "Visual Foxpro" and version "8.0"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Visual Foxpro
Search vendor "Microsoft" for product "Visual Foxpro"
 9.0
Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Visual Foxpro
Search vendor "Microsoft" for product "Visual Foxpro"
 9.0
Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Visual Studio .net
Search vendor "Microsoft" for product "Visual Studio .net"
 2002
Search vendor "Microsoft" for product "Visual Studio .net" and version "2002"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Visual Studio .net
Search vendor "Microsoft" for product "Visual Studio .net"
 2003
Search vendor "Microsoft" for product "Visual Studio .net" and version "2003"
sp1
Affected