CVE-2008-4254
Summary
| CVE | CVE-2008-4254 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-10 14:00:00 UTC |
| Updated | 2018-10-12 21:48:00 UTC |
| Description | Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." |
Risk And Classification
Problem Types: CWE-189
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office Frontpage | 2002 | sp3 | All | All |
| Application | Microsoft | Office Frontpage | 2002 | sp3 | All | All |
| Application | Microsoft | Project | 2003 | sp3 | All | All |
| Application | Microsoft | Project | 2007 | All | All | All |
| Application | Microsoft | Project | 2007 | sp1 | All | All |
| Application | Microsoft | Project | 2003 | sp3 | All | All |
| Application | Microsoft | Project | 2007 | All | All | All |
| Application | Microsoft | Project | 2007 | sp1 | All | All |
| Application | Microsoft | Visual Basic | 6.0 | All | runtime_extended_files | All |
| Application | Microsoft | Visual Basic | 6.0 | All | runtime_extended_files | All |
| Application | Microsoft | Visual Foxpro | 8.0 | sp1 | All | All |
| Application | Microsoft | Visual Foxpro | 9.0 | sp1 | All | All |
| Application | Microsoft | Visual Foxpro | 9.0 | sp2 | All | All |
| Application | Microsoft | Visual Foxpro | 8.0 | sp1 | All | All |
| Application | Microsoft | Visual Foxpro | 9.0 | sp1 | All | All |
| Application | Microsoft | Visual Foxpro | 9.0 | sp2 | All | All |
| Application | Microsoft | Visual Studio .net | 2002 | sp1 | All | All |
| Application | Microsoft | Visual Studio .net | 2003 | sp1 | All | All |
| Application | Microsoft | Visual Studio .net | 2002 | sp1 | All | All |
| Application | Microsoft | Visual Studio .net | 2003 | sp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Microsoft Security Bulletin MS08-070 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| Microsoft Visual Basic DataGrid/FlexGrid/Heirarchival FlexGrid/Windows Common/Charts ActiveX Controls Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Vulnerabilities - Secunia Research - Vulnerability Intelligence - Secunia.com | MISC | secunia.com | Vendor Advisory |
| ASA-2008-473 (ActiveX Controls) Could Allow Remote Code Execution (932349) | CONFIRM | support.avaya.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| US-CERT Technical Cyber Security Alert TA08-344A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.