Vulnerability CVE-2008-4254

Vulnerability CVE-2008-4254

Published: 2008-12-10 Modified: 2012-02-12

Description:

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

Type:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
8.5/10	10/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Microsoft -> Office frontpage
Microsoft -> Project
Microsoft -> Visual basic
Microsoft -> Visual foxpro
Microsoft -> Visual studio .net

References:

http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

http://www.securityfocus.com/archive/1/499059/100/0/threaded

http://www.securitytracker.com/id?1021369

http://www.us-cert.gov/cas/techalerts/TA08-344A.html

http://www.vupen.com/english/advisories/2008/3382

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5805

Copyright 2024, cxsecurity.com