CVE-2008-4254

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro; Visual Studio .net; Visual Basic; Project
Vendor: CVE Published:; 10 December 2008

Summary

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.vupen.com/english/advisories/2008/3382

vdb-entryx_refsource_VUPEN

http://secunia.com/secunia_research/2007-72/

x_refsource_MISC

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 25, 2008

Collectors

NVD DatabaseMitre Database