Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-3704
Last Modified 01 Aug 2011 12:00:00
Published 18 Aug 2008 03:41:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3704

Summary

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Visual Basic 6.0

  • Microsoft Visual FoxPro 8.0

  • Microsoft Visual FoxPro 9.0

  • Microsoft Visual Studio .NET 2002

  • Microsoft Visual Studio .NET 2003

  • Microsoft Visual Studio 6.0


References

CERT - TA08-344A

BID - 30674

MS - MS08-070

XF - visualstudio-maskededit-bo(44444)

VUPEN - ADV-2008-3382

VUPEN - ADV-2008-2380

SECTRACK - 1020710

MILW0RM - 6317

MILW0RM - 6244

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

SECUNIA - 31498

Related Patches

MS08-070 932349 926857 Security Update for Visual Basic 6.0 Runtime Extended Files (Rev 2)

MS 957924 Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (See Note)


Last Updated: 27 May 2016 10:48:16