Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 8.5
CVE Id CVE-2008-4254
Last Modified 07 Mar 2011 12:00:00
Published 10 Dec 2008 09:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4254

Summary

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office FrontPage 2002

  • Microsoft Project 2003

  • Microsoft Project 2007

  • Microsoft Visual Basic 6.0

  • Microsoft Visual FoxPro 8.0

  • Microsoft Visual FoxPro 9.0

  • Microsoft Visual Studio .NET 2002

  • Microsoft Visual Studio .NET 2003


References

CERT - TA08-344A

MS - MS08-070

VUPEN - ADV-2008-3382

SECTRACK - 1021369

BUGTRAQ - 20081209 Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

MISC - http://secunia.com/secunia_research/2007-72/

Related Patches

MS08-070 932349 926857 Security Update for Visual Basic 6.0 Runtime Extended Files (Rev 2)

MS 957924 Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (See Note)


Last Updated: 27 May 2016 10:48:26