Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-4255
Last Modified 07 Mar 2011 12:00:00
Published 10 Dec 2008 09:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4255

Summary

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office FrontPage 2002
  • Microsoft Project 2003
  • Microsoft Project 2007
  • Microsoft Visual Basic 6.0
  • Microsoft Visual FoxPro 8.0
  • Microsoft Visual FoxPro 9.0
  • Microsoft Visual Studio .NET 2002
  • Microsoft Visual Studio .NET 2003


References

CERT - TA08-344A

BID - 32613

MS - MS08-070

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-083/

VUPEN - ADV-2008-3382

SECTRACK - 1021369

BUGTRAQ - 20081209 ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl

Related Patches

MS08-070 932349 926857 Security Update for Visual Basic 6.0 Runtime Extended Files (Rev 2)

MS 957924 Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (See Note)


Last Updated: 27 May 2016 10:48:26