CVE-2008-4255

Heap-based buffer overflow in mscomct2.ocx aka Windows Common ActiveX control or Microsoft Animation ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote...

CVE-2008-4256

The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted...

CVE-2008-4253

CVE-2008-4253 is a remote code execution vulnerability in the FlexGrid ActiveX control used by Visual Basic 6.0, Visual FoxPro 8.0 SP1/9.0 SP1/SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3. The issue arises when the ActiveX control handles errors during access to improperly initiali...

CVE-2008-4254

CVE-2008-4254 describes a remote code execution vulnerability in the Microsoft Visual Basic 6.0 Runtime Extended Files Hierarchical FlexGrid ActiveX control (mshflxgd.ocx). The issue arises from multiple integer overflows in the Hierarchical FlexGrid control when manipulating the Rows/Cols proper...

CVE-2008-4252

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of...

CVE-2008-4253

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code v...

CVE-2008-4254

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control mshflxgd.ocx in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted 1 Rows and 2 Cols properties to the a ExpandAll and b CollapseAll methods,...

CVE-2008-4252

CVE-2008-4252, -4253, -4254, -4255, -4256 describe memory corruption vulnerabilities in Visual Basic 6.0 ActiveX Controls (DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI Parsing, Charts, Masked Edit). Exploitation vector involves remote code execution by delivering a crafted web pa...

CVE-2008-4256

The CVE-2008-4256 entry maps to the Charts ActiveX Control memory corruption vulnerability in Microsoft Visual Basic 6.0 runtime components (notably Mschart20.ocx) and related VB/FoxPro runtimes. The root cause is improper error handling when accessing incorrectly initialized objects, enabling re...

CVE-2008-4255

MODE_C: CVE-2008-4255 maps to a heap-based buffer overflow in MS MSCOMCT2.OCX (Visual Basic 6.0 ActiveX control) used by VB6 runtimes, Visual FoxPro, and Office Project components. The flaw occurs when parsing a malformed AVI stream, leading to memory corruption and remote code execution. Affecte...

Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files ActiveX Controls Could Allow Remote Code Execution 932349 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves five privately reported...

Microsoft Visual Basic multiple ActiveX security vulnerabilities

Memory corruptions in DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI, Charts, Masked Edit controls...

MS08-070: Vulnerabilities in Visual Basic 6.0 ActiveX Controls Could Allow Remote Code Execution (932349)

The remote host contains a version of the ActiveX control for Visual Basic 6.0 Runtime Extended Files that may allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit it. Note that this control may have been included with...

Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability

Description Microsoft FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability

Description Microsoft DataGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability

Description Microsoft Hierarchical FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will...

Microsoft Charts ActiveX Control Memory Corruption Vulnerability

Description Microsoft Charts ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

Java Web Start BasicService displays local files in the browser

Unspecified vulnerability in the BasicService for Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted downloaded applications to cause local files to be displayed in the brows...

BaSiC-CMS (acm2000.mdb) Remote Database Disclosure Vulnerability

No description provided by source. --------------------------------------------------------- Portal Name: Basic-cms ASP D0wn : http://www.basic-cms.com/download-basiccms.zip Author : Mountassif Moad Evil Finger / v4 Team Vulnerability : Database Disclosure Vulnerability...

basiccms-disclose.txt

--------------------------------------------------------- Portal Name: Basic-cms ASP D0wn : http://www.basic-cms.com/download-basiccms.zip Author : Mountassif Moad Evil Finger / v4 Team Vulnerability : Database Disclosure Vulnerability ---------------------------------------------------------...