CVE-2008-4255

2008-12-1014:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4255

buffer overflow

activex

microsoft visual basic

vulnerability

security advisory

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an “allocation error” and memory corruption, aka “Windows Common AVI Parsing Overflow Vulnerability.”

CPENameOperatorVersion
microsoft:visual_foxpromicrosoft visual foxproeq9.0
microsoft:visual_studio_.netmicrosoft visual studio .neteq2003
microsoft:visual_studio_.netmicrosoft visual studio .neteq2002
microsoft:visual_foxpromicrosoft visual foxproeq8.0
microsoft:visual_basicmicrosoft visual basiceq6.0
microsoft:projectmicrosoft projecteq2003
microsoft:office_frontpagemicrosoft office frontpageeq2002
microsoft:projectmicrosoft projecteq2007

CPE	Name	Operator	Version
microsoft:visual_foxpro	microsoft visual foxpro	eq	9.0
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2003
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2002
microsoft:visual_foxpro	microsoft visual foxpro	eq	8.0
microsoft:visual_basic	microsoft visual basic	eq	6.0
microsoft:project	microsoft project	eq	2003
microsoft:office_frontpage	microsoft office frontpage	eq	2002
microsoft:project	microsoft project	eq	2007