Heap-based Buffer Overflow in Microsoft ActiveX Control
CVE-2008-4255

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro; Visual Studio .net; Visual Basic; Project
Vendor: CVE Published:; 10 December 2008

Summary

This vulnerability is caused by a heap-based buffer overflow in the mscomct2.ocx ActiveX control, which affects several Microsoft products. When a specially crafted AVI file with an incorrect stream length is processed, it leads to an allocation error resulting in memory corruption. Attackers can exploit this vulnerability remotely, allowing them to execute arbitrary code on the compromised system.

References

http://www.securityfocus.com/bid/32613

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2008/3382

vdb-entryx_refsource_VUPEN

http://www.zerodayinitiative.com/advisories/ZDI-08-083/

x_refsource_MISC

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 25, 2008