Integer Overflow Vulnerability in Microsoft Visual Basic and Visual FoxPro
CVE-2008-4254

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro; Visual Studio .net; Visual Basic; Project
Vendor: CVE Published:; 10 December 2008

Summary

The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 and 9.0 versions is susceptible to multiple integer overflows. These overflows occur due to improper handling of Rows and Cols properties within the ExpandAll and CollapseAll methods. Attackers can exploit this vulnerability to execute arbitrary code remotely, potentially leading to unauthorized access and control over the affected system. This issue is linked to the mishandling of improperly initialized objects and the resulting corruption of system state.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.vupen.com/english/advisories/2008/3382

vdb-entryx_refsource_VUPEN

http://secunia.com/secunia_research/2007-72/

x_refsource_MISC

EPSS Score

61% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 25, 2008