Heap-based Buffer Overflow in MaskedEdit Control for Microsoft Visual Studio
CVE-2008-3704

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro; Visual Studio .net; Visual Studio; Visual Basic
Vendor: CVE Published:; 18 August 2008

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 87%

What is CVE-2008-3704?

The MaskedEdit ActiveX control included in various Microsoft products features a heap-based buffer overflow vulnerability. Attackers can exploit this weakness by sending specially crafted parameters to the MaskedEdit control, which does not enforce proper validation of property values. This oversight permits remote code execution, potentially allowing malicious actors to manipulate or gain control over the affected system. The vulnerability was notably exploited in the wild, highlighting the urgent need for remediation and user awareness.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-3704 - Proof of Concept

References

http://www.securitytracker.com/id?1020710

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2008/2380

vdb-entryx_refsource_VUPEN

http://www.vupen.com/english/advisories/2008/3382

vdb-entryx_refsource_VUPEN

EPSS Score

87% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 18, 2008
👾
Exploit known to exist
Aug 18, 2008
Vulnerability published
Aug 18, 2008
Vulnerability Reserved
Aug 18, 2008

CVE-2008-3704 Data

JSON