Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4256

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2008-4256
Last Modified 07 Mar 2011 10:12:11
Published 10 Dec 2008 09:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4256

Summary

The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office Frontpage 2002

  • Microsoft Project 2003

  • Microsoft Project 2007

  • Microsoft Visual Basic 6.0

  • Microsoft Visual Foxpro 8.0

  • Microsoft Visual Foxpro 9.0

  • Microsoft Visual Studio .net 2002

  • Microsoft Visual Studio .net 2003


References

CERT - TA08-344A

VUPEN - ADV-2008-3382

SECTRACK - 1021369

BID - 32614

MS - MS08-070

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

Related Patches

MS08-070 932349 926857 Security Update for Visual Basic 6.0 Runtime Extended Files (Rev 2)

MS 957924 Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (See Note)


Last Updated: 27 May 2016 10:48:26