Heap-based Buffer Overflow in MaskedEdit Control for Microsoft Visual Studio
CVE-2008-3704

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro; Visual Studio .net; Visual Studio; Visual Basic
Vendor: CVE Published:; 18 August 2008

Summary

The MaskedEdit ActiveX control included in various Microsoft products features a heap-based buffer overflow vulnerability. Attackers can exploit this weakness by sending specially crafted parameters to the MaskedEdit control, which does not enforce proper validation of property values. This oversight permits remote code execution, potentially allowing malicious actors to manipulate or gain control over the affected system. The vulnerability was notably exploited in the wild, highlighting the urgent need for remediation and user awareness.

References

http://www.securitytracker.com/id?1020710

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2008/2380

vdb-entryx_refsource_VUPEN

http://www.vupen.com/english/advisories/2008/3382

vdb-entryx_refsource_VUPEN

EPSS Score

81% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 18, 2008
Vulnerability Reserved
Aug 18, 2008