Memory Corruption Vulnerability in Microsoft Visual Basic and Office Products
CVE-2008-4253

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro; Visual Studio .net; Visual Basic; Project
Vendor: CVE Published:; 10 December 2008

Summary

The FlexGrid ActiveX control in various Microsoft products fails to correctly handle errors when accessing improperly initialized objects. This flaw allows attackers to exploit the vulnerability through specially crafted HTML documents, leading to potential execution of arbitrary code. The issue highlights the importance of secure coding practices to prevent corruption of the application state and unauthorized access by malicious actors.

References

http://www.securityfocus.com/bid/32592

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2008/3382

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1021369

vdb-entryx_refsource_SECTRACK

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 25, 2008