SAINT CorporationSAINT:7049C6450248508F372085FA3EF3275EMicrosoft Visual Studio MaskedEdit ActiveX buffer overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.959 High
EPSS
Percentile
99.3%
Added: 09/03/2008
CVE: CVE-2008-3704
BID: 30674
OSVDB: 47475
Background
Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.
Problem
A buffer overflow in the MaskedEdit ActiveX control allows command execution when a user loads a web page which invokes this control with a long, specially crafted Mask parameter.
Resolution
Apply the patch found in Microsoft Security Bulletin 08-070, or set the kill bit for Class ID C932BA85-4374-101B-A56C-00AA003668DC as decribed in Microsoft Knowledge Base Article 240797.
References
<http://secunia.com/advisories/31498/>
Limitations
Exploit works on Microsoft Visual Studio 6.0 and requires a user to load the exploit page in Internet Explorer.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.959 High
EPSS
Percentile
99.3%