Remote Command Execution Vulnerability in Microsoft Visual FoxPro ActiveX Control
CVE-2008-0236

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro
Vendor: CVE Published:; 11 January 2008

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 34%

What is CVE-2008-0236?

A vulnerability exists in the ActiveX control for Microsoft Visual FoxPro (vfp6r.dll version 6.0.8862.0) that allows remote attackers to execute arbitrary commands by invoking the vulnerable DoCmd method. This flaw can be exploited by attackers to execute untrusted commands on the affected system, potentially leading to data compromise and unauthorized access. Users and administrators are advised to take appropriate precautions and apply necessary security updates to mitigate these risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-0236 - Proof of Concept

References

http://secunia.com/advisories/28417

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/27205

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/39558

vdb-entryx_refsource_XF

EPSS Score

34% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 11, 2008
👾
Exploit known to exist
Jan 11, 2008
Vulnerability published
Jan 11, 2008
Vulnerability Reserved
Jan 10, 2008

CVE-2008-0236 Data

JSON