[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-4254Date: (C)2008-12-10   (M)2018-06-02


Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 8.5
Exploit Score: Exploit Score: 6.8
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: SINGLE_INSTANCE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1021369
http://www.securityfocus.com/archive/1/archive/1/499059/100/0/threaded
ADV-2008-3382
IAVM:2008-A-0088
IAVM:2009-B-0009
MS08-070
TA08-344A
http://secunia.com/secunia_research/2007-72/
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

CPE    9
cpe:/a:microsoft:visual_studio_.net:2003:sp1
cpe:/a:microsoft:project:2003:sp3
cpe:/a:microsoft:visual_foxpro:8.0:sp1
cpe:/a:microsoft:visual_foxpro:9.0:sp2
...
CWE    1
CWE-189
OVAL    2
oval:org.mitre.oval:def:5805
oval:org.secpod.oval:def:3093

© SecPod Technologies