CVE-2008-3704

2008-08-1819:41:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-3704

buffer overflow

maskededit

activex control

msmask32.ocx

microsoft visual studio

visual basic

visual studio .net

visual foxpro

code execution

vulnerability

memory corruption

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.5%

JSON

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not “validating property values with boundary checks,” as exploited in the wild in August 2008, aka “Masked Edit Control Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:visual_foxpromicrosoft visual foxproeq9.0
microsoft:visual_studio_.netmicrosoft visual studio .neteq2003
microsoft:visual_studiomicrosoft visual studioeq6.0
microsoft:visual_studio_.netmicrosoft visual studio .neteq2002
microsoft:visual_foxpromicrosoft visual foxproeq8.0
microsoft:visual_basicmicrosoft visual basiceq6.0

CPE	Name	Operator	Version
microsoft:visual_foxpro	microsoft visual foxpro	eq	9.0
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2003
microsoft:visual_studio	microsoft visual studio	eq	6.0
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2002
microsoft:visual_foxpro	microsoft visual foxpro	eq	8.0
microsoft:visual_basic	microsoft visual basic	eq	6.0