CVE-2008-4254
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
Múltiples desbordamientos de enteros en el control ActiveX de Hierarchical FlexGrid (en el archivo mshflxgd.ocx) en Visual Basic versión 6.0 y Visual FoxPro versiones 8.0 SP1 y 9.0 SP1 y SP2, de Microsoft, permiten a los atacantes remotos ejecutar código arbitrario por medio de las propiedades diseñadas (1) Rows y (2) Cols de los métodos (a) ExpandAll y (b) CollapseAll, relacionados con el acceso a objetos inicializados incorrectamente y la corrupción del "system state," también se conoce como "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-09-25 CVE Reserved
- 2008-12-09 CVE Published
- 2024-06-20 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/499059/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1021369 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-344A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5805 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/secunia_research/2007-72 | 2018-10-12 | |
| http://www.vupen.com/english/advisories/2008/3382 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Frontpage Search vendor "Microsoft" for product "Office Frontpage" | 2002 Search vendor "Microsoft" for product "Office Frontpage" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2003 Search vendor "Microsoft" for product "Project" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.0 Search vendor "Microsoft" for product "Visual Basic" and version "6.0" | runtime_extended_files |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 8.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "8.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2002 Search vendor "Microsoft" for product "Visual Studio .net" and version "2002" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2003 Search vendor "Microsoft" for product "Visual Studio .net" and version "2003" | sp1 |
Affected
| ||||||