Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4252

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2008-4252
Last Modified 07 Mar 2011 10:12:11
Published 10 Dec 2008 09:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4252

Summary

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office Frontpage 2002

  • Microsoft Project 2003

  • Microsoft Project 2007

  • Microsoft Visual Basic 6.0

  • Microsoft Visual Foxpro 8.0

  • Microsoft Visual Foxpro 9.0

  • Microsoft Visual Studio .net 2002

  • Microsoft Visual Studio .net 2003


References

CERT - TA08-344A

VUPEN - ADV-2008-3382

SECTRACK - 1021369

BID - 32591

MS - MS08-070

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

Related Patches

MS08-070 932349 926857 Security Update for Visual Basic 6.0 Runtime Extended Files (Rev 2)

MS 957924 Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (See Note)


Last Updated: 27 May 2016 10:48:26