CVE-2008-4252

2008-12-1014:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-4252

datagrid

activex

microsoft

visual basic

visual foxpro

memory corruption

vulnerability

7.6 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.814 High

EPSS

Percentile

98.3%

JSON

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the “system state,” aka “DataGrid Control Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:visual_foxpromicrosoft visual foxproeq9.0
microsoft:visual_studio_.netmicrosoft visual studio .neteq2003
microsoft:visual_studio_.netmicrosoft visual studio .neteq2002
microsoft:visual_foxpromicrosoft visual foxproeq8.0
microsoft:visual_basicmicrosoft visual basiceq6.0
microsoft:projectmicrosoft projecteq2003
microsoft:office_frontpagemicrosoft office frontpageeq2002
microsoft:projectmicrosoft projecteq2007

CPE	Name	Operator	Version
microsoft:visual_foxpro	microsoft visual foxpro	eq	9.0
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2003
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2002
microsoft:visual_foxpro	microsoft visual foxpro	eq	8.0
microsoft:visual_basic	microsoft visual basic	eq	6.0
microsoft:project	microsoft project	eq	2003
microsoft:office_frontpage	microsoft office frontpage	eq	2002
microsoft:project	microsoft project	eq	2007