CVE-2008-4253 : The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."

Published 2008-12-10 14:00:01

Updated 2018-10-12 21:48:44

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2008-4253

Microsoft » Project » Version: 2003 Update SP3
cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2007
cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2007 Update SP1
cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Basic » Version: 6.0 Runtime Extended Files Edition
cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*
Matching versions
Microsoft » Visual Foxpro » Version: 9.0 Update SP2
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Visual Foxpro » Version: 8.0 Update SP1
cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Foxpro » Version: 9.0 Update SP1
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2002 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2003 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Frontpage » Version: 2002 Update SP3
cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-4253

EPSS FAQ

64.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-4253

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-4253

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-4253

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5994
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA08-344A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
http://www.securityfocus.com/bid/32592
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070

CVEs referencing this url
http://www.securitytracker.com/id?1021369

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/3382

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-4253

Products affected by CVE-2008-4253

Exploit prediction scoring system (EPSS) score for CVE-2008-4253

CVSS scores for CVE-2008-4253

CWE ids for CVE-2008-4253

References for CVE-2008-4253