SAINT CorporationSAINT:585BDD3A55E3DC3D474985FF2035F371Microsoft Visual Studio MaskedEdit ActiveX buffer overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 09/03/2008
CVE: CVE-2008-3704
BID: 30674
OSVDB: 47475
Background
Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.
Problem
A buffer overflow in the MaskedEdit ActiveX control allows command execution when a user loads a web page which invokes this control with a long, specially crafted Mask parameter.
Resolution
Apply the patch found in Microsoft Security Bulletin 08-070, or set the kill bit for Class ID C932BA85-4374-101B-A56C-00AA003668DC as decribed in Microsoft Knowledge Base Article 240797.
References
<http://secunia.com/advisories/31498/>
Limitations
Exploit works on Microsoft Visual Studio 6.0 and requires a user to load the exploit page in Internet Explorer.
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%