FKIE_CVE-2008-4252

Vulnerability from fkie_nvd - Published: 2008-12-10 14:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
secure@microsoft.comhttp://www.securityfocus.com/bid/32591
secure@microsoft.comhttp://www.securitytracker.com/id?1021369
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/3382
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32591
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021369
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3382
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894
Impacted products
Vendor Product Version
microsoft office_frontpage 2002
microsoft project 2003
microsoft project 2007
microsoft project 2007
microsoft visual_basic 6.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft visual_foxpro 9.0
microsoft visual_studio_.net 2002
microsoft visual_studio_.net 2003
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "F2D429D9-577E-4CD6-ADEC-1119B60DB20F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25881D4B-06E5-4083-AEEF-B6E1CE5C459A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CD3B021-8145-49FA-8809-C3976ED1BE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "145E1D64-840B-4AE8-91CB-EA4884ED51D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*",
              "matchCriteriaId": "DD65D7E8-016B-44EC-A416-E9247810CFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "478347F8-6256-4DE6-AD6A-91631A9E6DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "747E3E3A-85C1-4E55-B7F8-C5207F247498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the \"system state,\" aka \"DataGrid Control Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El control ActiveX DataGrid de Microsoft Visual Basic 6.0 y Visual FoxPro 8.0 SP1, y 9.0 SP1 y SP2, no maneja adecuadamente los errores en el acceso a objetos no iniciados correctamente, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado; est\u00e1 relacionado con la corrupci\u00f3n del \"estado del sistema\". Tambi\u00e9n se como \"Vulnerabilidad de Corrupci\u00f3n en el Control de Memoria DataGrid\"."
    }
  ],
  "id": "CVE-2008-4252",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.923",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/32591"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021369"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/3382"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.