EUVD-2007-5998

Malware in sbrugna...

ComponentOne FlexGrid 7.1 ActiveX Control Multiple Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26467/info ComponentOne FlexGrid ActiveX Control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input. An attacker can exploi...

Microsoft Visual Basic FlexGrid ActiveX Control Rows Parameter Memory Corruption - Ver2 (CVE-2008-4254)

A memory corruption vulnerability has been reported in Microsoft Visual Basic. An attacker could exploit this vulnerability crafted Rows and Cols properties to the ExpandAll and CollapseAll methods, related to access of incorrectly initialized objects and corruption of the system state. Successfu...

Buffer overflow

Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method...

CVE-2012-0227

The CVE-2012-0227 entry refers to a buffer overflow in the VSFlex7.VSFlexGrid ActiveX control (ComponentOne FlexGrid 7.1) used by Open Automation Software OPC Systems.NET. The vulnerability is triggered by a long archive file name argument to the Archive method, allowing remote denial of service ...

Integer overflow

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control mshflxgd.ocx in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted 1 Rows and 2 Cols properties to the a ExpandAll and b CollapseAll methods,...

CVE-2008-4253

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code v...

Memory corruption

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code v...

CVE-2008-4254

CVE-2008-4254 describes a remote code execution vulnerability in the Microsoft Visual Basic 6.0 Runtime Extended Files Hierarchical FlexGrid ActiveX control (mshflxgd.ocx). The issue arises from multiple integer overflows in the Hierarchical FlexGrid control when manipulating the Rows/Cols proper...

CVE-2008-4253

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code v...

Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows

====================================================================== Secunia Research 09/12/2008 - Microsoft Hierarchical FlexGrid Control Integer Overflows - ====================================================================== Table of Contents Affected...

Microsoft Visual Basic multiple ActiveX security vulnerabilities

Memory corruptions in DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI, Charts, Masked Edit controls...

Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability

Description Microsoft FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

Stack overflow

Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the 1 Text, 2 EditSelText, 3 EditText, and 4 CellFontName property...

CVE-2007-6028

Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the 1 Text, 2 EditSelText, 3 EditText, and 4 CellFontName property...

CVE-2007-6028

The CVE-2007-6028 entry describes multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control from ComponentOne FlexGrid 7.1 Light. An attacker can trigger by providing long strings in the Text, EditSelText, EditText, or CellFontName properties, enabling remote exploitatio...

ComponentOne FlexGrid ActiveX Control Multiple Buffer Overflow Vulnerabilities

ComponentOne FlexGrid是一款创建各种用户界面表格的控件。 ComponentOne FlexGrid包含的ActiveX控件存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 ComponentOne FlexGrid包含的ActiveX控件对多个方法调用缺少正确的边界检查，构建恶意WEB页，诱使用户访问，可导致触发缓冲区溢出，可能导致任意代码执行。 ComponentOne FlexGrid 7.1 Light 目前没有解决方案提供： http://www.componentone.com/ html head script...

[Full-disclosure] ComponentOne FlexGrid 7.1 Light Multiple Stack Overflows

The ComponentOne FlexGrid 7.1 VSFlexGrid.VSFlexGridL has multiple stack overflows. I have not tested code execution nor do I remember what this component was installed with. PoC as follows: -------------------- !-- written by e.b. -- html head script language="JavaScript" DEFER function Check var...

ComponentOne FlexGrid ActiveX multiple buffer overflows

Buffer overflows on different object properties...

flexgrid-overflow.txt

The ComponentOne FlexGrid 7.1 VSFlexGrid.VSFlexGridL has multiple stack overflows. I have not tested code execution nor do I remember what this component was installed with. PoC as follows: -------------------- function Check var s = "AAAA"; while s.length -------------------- Elazar...