Memory Corruption Vulnerability in Microsoft Visual Products
CVE-2008-4256

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Foxpro; Visual Studio .net; Visual Basic; Project
Vendor: CVE Published:; 10 December 2008

Summary

The Charts ActiveX control utilized in several Microsoft development products contains a flaw that arises from inadequate error handling while accessing improperly initialized objects. This vulnerability can be exploited by remote attackers through specially crafted HTML documents, enabling them to execute arbitrary code. The consequent corruption of the application 'system state' poses significant risks to user data and application integrity.

References

http://www.vupen.com/english/advisories/2008/3382

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/32614

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1021369

vdb-entryx_refsource_SECTRACK

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 25, 2008