Buffer Overflow in Microsoft Visual Basic Enterprise Edition 6.0 SP6
CVE-2008-2959

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Basic Enterprise Edition
Vendor: CVE Published:; 2 July 2008

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 34%

What is CVE-2008-2959?

A buffer overflow exists within the ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6, allowing remote attackers to execute arbitrary code. This vulnerability is triggered by an overly long lpstrLinkPath argument to the fCreateShellLink function, potentially compromising system integrity and exposing sensitive information.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-2959 - Proof of Concept

References

https://www.exploit-db.com/exploits/5851

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/29792

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/43180

vdb-entryx_refsource_XF

EPSS Score

34% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 2, 2008
👾
Exploit known to exist
Jul 2, 2008
Vulnerability published
Jul 2, 2008
Vulnerability Reserved
Jul 2, 2008

CVE-2008-2959 Data

JSON