CVE-2008-4253

2008-12-1014:00:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-4253

microsoft

visual basic 6.0

visual foxpro

activex

memory corruption

vulnerability

nvd

7.6 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.838 High

EPSS

Percentile

98.5%

JSON

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the “system state,” aka “FlexGrid Control Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:visual_foxpromicrosoft visual foxproeq9.0
microsoft:visual_studio_.netmicrosoft visual studio .neteq2003
microsoft:visual_studio_.netmicrosoft visual studio .neteq2002
microsoft:visual_foxpromicrosoft visual foxproeq8.0
microsoft:visual_basicmicrosoft visual basiceq6.0
microsoft:projectmicrosoft projecteq2003
microsoft:office_frontpagemicrosoft office frontpageeq2002
microsoft:projectmicrosoft projecteq2007

CPE	Name	Operator	Version
microsoft:visual_foxpro	microsoft visual foxpro	eq	9.0
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2003
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2002
microsoft:visual_foxpro	microsoft visual foxpro	eq	8.0
microsoft:visual_basic	microsoft visual basic	eq	6.0
microsoft:project	microsoft project	eq	2003
microsoft:office_frontpage	microsoft office frontpage	eq	2002
microsoft:project	microsoft project	eq	2007