Vulnerability Details : CVE-2008-4253

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."

Vulnerability category: Memory CorruptionExecute code

Published 2008-12-10 14:00:01

Updated 2018-10-12 21:48:44

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-4253

Probability of exploitation activity in the next 30 days: 93.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-4253

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-4253

CWE-399

Assigned by: [email protected] (Primary)

References for CVE-2008-4253

Products affected by CVE-2008-4253

Microsoft » Project » Version: 2003 Update SP3
cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2007
cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2007 Update SP1
cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Basic » Version: 6.0 Runtime Extended Files Edition
cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*
Matching versions
Microsoft » Visual Foxpro » Version: 9.0 Update SP2
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Visual Foxpro » Version: 8.0 Update SP1
cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Foxpro » Version: 9.0 Update SP1
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2002 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2003 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Frontpage » Version: 2002 Update SP3
cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*
Matching versions