CVE-2008-4256

2008-12-1014:00:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-4256

microsoft

charts

activex

visual basic

visual studio

visual foxpro

remote code execution

vulnerability

memory corruption

nvd

7.5 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.838 High

EPSS

Percentile

98.5%

JSON

The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the “system state,” aka “Charts Control Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:visual_foxpromicrosoft visual foxproeq9.0
microsoft:visual_studio_.netmicrosoft visual studio .neteq2003
microsoft:visual_studio_.netmicrosoft visual studio .neteq2002
microsoft:visual_foxpromicrosoft visual foxproeq8.0
microsoft:visual_basicmicrosoft visual basiceq6.0
microsoft:projectmicrosoft projecteq2003
microsoft:office_frontpagemicrosoft office frontpageeq2002
microsoft:projectmicrosoft projecteq2007

CPE	Name	Operator	Version
microsoft:visual_foxpro	microsoft visual foxpro	eq	9.0
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2003
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2002
microsoft:visual_foxpro	microsoft visual foxpro	eq	8.0
microsoft:visual_basic	microsoft visual basic	eq	6.0
microsoft:project	microsoft project	eq	2003
microsoft:office_frontpage	microsoft office frontpage	eq	2002
microsoft:project	microsoft project	eq	2007