1. CVE-Search
  2. CVE-2008-4254
ID CVE-2008-4254
Summary Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 12-10-2018 - 21:48)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
msbulletin via4
bulletin_id MS08-070
bulletin_url
date 2008-12-09T00:00:00
impact Remote Code Execution
knowledgebase_id 932349
knowledgebase_url
severity Critical
title Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution
oval via4
accepted 2012-11-12T04:00:34.005-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Pradeep R B
    organization SecPod Technologies
  • name Pradeep R B
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Visual FoxPro is installed
    oval oval:org.mitre.oval:def:14198
  • comment Microsoft Visual Basic 6.0 is installed
    oval oval:org.mitre.oval:def:15369
description Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:5805
status accepted
submitted 2008-12-09T13:31:00
title Hierarchical FlexGrid Control Memory Corruption Vulnerability
version 68
refmap via4
bugtraq 20081209 Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows
cert TA08-344A
confirm http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
misc http://secunia.com/secunia_research/2007-72/
sectrack 1021369
vupen ADV-2008-3382
Last major update 12-10-2018 - 21:48
Published 10-12-2008 - 14:00
Last modified 12-10-2018 - 21:48
Back to Top