CVE-2008-4254

Published Dec 10, 2008

Last updated 6 years ago

CVSS info 8.5

Overview

Description: Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 10
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2D429D9-577E-4CD6-ADEC-1119B60DB20F"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25881D4B-06E5-4083-AEEF-B6E1CE5C459A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CD3B021-8145-49FA-8809-C3976ED1BE62"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "145E1D64-840B-4AE8-91CB-EA4884ED51D4"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD65D7E8-016B-44EC-A416-E9247810CFF3"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "478347F8-6256-4DE6-AD6A-91631A9E6DD1"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "747E3E3A-85C1-4E55-B7F8-C5207F247498"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References