19 matches found
CVE-2012-0158
CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...
CVE-2012-1856
CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2007-2224
CVE-2007-2224 describes an OLE Automation memory corruption in Windows components (TextNode.substringData) that can lead to remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Office 2004 for Mac, Visual Basic 6.0. Root cause: integer overflow during substringData hand...
CVE-2008-4254
CVE-2008-4254 describes a remote code execution vulnerability in the Microsoft Visual Basic 6.0 Runtime Extended Files Hierarchical FlexGrid ActiveX control (mshflxgd.ocx). The issue arises from multiple integer overflows in the Hierarchical FlexGrid control when manipulating the Rows/Cols proper...
CVE-2008-3704
CVE-2008-3704 corresponds to a heap-based buffer overflow in the MaskedEdit ActiveX control (Msmask32.ocx) that occurs when a long Mask parameter is processed. The defect affects Msmask32.ocx version 6.0.81.69 and possibly earlier versions (up to 6.0.84.18), within Microsoft Visual Studio 6.0, Vi...
CVE-2008-4255
MODE_C: CVE-2008-4255 maps to a heap-based buffer overflow in MS MSCOMCT2.OCX (Visual Basic 6.0 ActiveX control) used by VB6 runtimes, Visual FoxPro, and Office Project components. The flaw occurs when parsing a malformed AVI stream, leading to memory corruption and remote code execution. Affecte...
CVE-2008-4256
The CVE-2008-4256 entry maps to the Charts ActiveX Control memory corruption vulnerability in Microsoft Visual Basic 6.0 runtime components (notably Mschart20.ocx) and related VB/FoxPro runtimes. The root cause is improper error handling when accessing incorrectly initialized objects, enabling re...
CVE-1999-0384
The CVE concerns the Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0). The issue arises because this control can read text from a user’s clipboard when a user accesses documents containing ActiveX content. Impact is limited to disclosure of clipboard data as described i...
CVE-2003-0347
Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...
CVE-2008-4252
CVE-2008-4252, -4253, -4254, -4255, -4256 describe memory corruption vulnerabilities in Visual Basic 6.0 ActiveX Controls (DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI Parsing, Charts, Masked Edit). Exploitation vector involves remote code execution by delivering a crafted web pa...
CVE-2007-0065
CVE-2007-0065 is a remote code execution vulnerability described as an OLE Heap Overrun in Object Linking and Embedding (OLE) Automation. The flaw is a heap-based buffer overflow triggered by specially crafted script requests, affecting Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1/SP...
CVE-2008-4253
CVE-2008-4253 is a remote code execution vulnerability in the FlexGrid ActiveX control used by Visual Basic 6.0, Visual FoxPro 8.0 SP1/9.0 SP1/SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3. The issue arises when the ActiveX control handles errors during access to improperly initiali...
CVE-2007-4776
CVE-2007-4776 is a buffer overflow in Microsoft Visual Basic 6.0/Enterprise Edition 6.0 SP6 triggered when opening a crafted Visual Basic Project (.VBP) file that contains a long Reference line. The underlying issue involves VBP_Open and OLE handling, allowing a user-assisted remote attacker to e...
CVE-2001-0153
This CVE concerns the VB-TSQL Debugger Object (VB T-SQL Debugger) in Visual Studio 6.0 Enterprise Edition. The root cause is a buffer overflow in the DCOM object’s NewSPID method due to an unchecked sprintf on the database name, allowing a remote attacker to run arbitrary code on systems where th...
CVE-2006-3649
CVE-2006-3649 describes a remote code execution vulnerability in Microsoft Visual Basic for Applications (VBA) across VBA SDK 6.0–6.4 used by Office 2000 SP3, Office XP SP3, and related apps. The flaw stems from an improper boundary check / validation of document properties passed to VBA when ope...
CVE-2006-4732
The CVE concerns Microsoft Visual Basic 6 (VB6). A vulnerability arises in a project containing a specific Click event procedure (demonstrated with msgbox and VB.Label) that causes an unspecified overflow. The affected component is the VB6 runtime/IDE context where the Click event triggers the ov...
CVE-2007-2884
The CVE-2007-2884 issue affects Microsoft Visual Basic 6. It involves multiple stack-based buffer overflows triggered by a Visual Basic Project (vbp) file containing unusually long fields in Description or VersionCompanyName, enabling user-assisted remote attackers to cause CPU exhaustion (DoS) o...
CVE-2008-0392
CVE-2008-0392 : Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file containing a long (1) ConnectionName or (2) CommandName line. The connected documents confirm the affected product/version ...