CVE-2008-4255
Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
Un desbordamiento de búfer en la región heap de la memoria en el archivo mscomct2.ocx (también se conoce como control ActiveX de Windows Common o control ActiveX de Microsoft Animation) en Visual Basic versión 6.0, Visual Studio .NET 2002 SP1 y 2003 SP1, Visual FoxPro versiones 8.0 SP1 y 9.0 SP1 y SP2, y Office Project 2003 SP3 y 2007 Gold y SP1, de Microsoft, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo AVI con una longitud de secuencia diseñada, lo que desencadena un "allocation error" y corrupción de memoria, también se conoce como "Windows Common AVI Parsing Overflow Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code through vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists within the Microsoft Animation ActiveX control MSCOMCT2.OCX. When parsing a malformed AVI file through this control an exploitable heap corruption can occur. As the AVI file can be loaded over a UNC path this issue is remotely exploitable and can result in arbitrary code execution under the context of the current user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-09-25 CVE Reserved
- 2008-12-09 CVE Published
- 2008-12-12 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/499061/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1021369 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-344A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-083 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6032 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/7431 | 2008-12-12 | |
| http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/32613 | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/3382 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Frontpage Search vendor "Microsoft" for product "Office Frontpage" | 2002 Search vendor "Microsoft" for product "Office Frontpage" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2003 Search vendor "Microsoft" for product "Project" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Project Search vendor "Microsoft" for product "Project" | 2007 Search vendor "Microsoft" for product "Project" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.0 Search vendor "Microsoft" for product "Visual Basic" and version "6.0" | runtime_extended_files |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 8.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "8.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro" | 9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2002 Search vendor "Microsoft" for product "Visual Studio .net" and version "2002" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio .net Search vendor "Microsoft" for product "Visual Studio .net" | 2003 Search vendor "Microsoft" for product "Visual Studio .net" and version "2003" | sp1 |
Affected
| ||||||