CVE-2008-4254

2008-12-10 15:00:00 2018-10-12 23:48:45

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

Vector

NETWORK

Complexity

MEDIUM

Authentication

SINGLE_INSTANCE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual FoxPro 9.0 Service Pack 2 Microsoft visual_fox_pro 9.0 SP1 Microsoft Visual Basic 6.0 Runtime Microsoft Visual FoxPro 8.0 Service Pack 1 Microsoft Office Project 2007 Service Pack 1 Microsoft Office Project 2007 Microsoft Office Project 2003 Service Pack 3 Microsoft Office frontpage 2002 Sp3 (not an official CPE) Microsoft Visual Studio .NET 2002 SP1

Microsoft - Visual studio .net Microsoft - Visual foxpro Microsoft - Visual basic Microsoft - Project Microsoft - Office frontpage

Advisory	Patch	Confirmed	Link
			ADV-2008-3382
			TA08-344A
			1021369
			20081209 Secunia Research: Microsoft Hierarchical FlexGr...
			http://support.avaya.com/elmodocs2/security/ASA-2008-473...
			MS08-070

CVE-2008-4254

2008-12-10 15:00:00 2018-10-12 23:48:45

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)