9.3
CVE-2008-3704
- EPSS 55.92%
- Veröffentlicht 18.08.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Basic Version6.0
Microsoft ≫ Visual Foxpro Version8.0 Updatesp1
Microsoft ≫ Visual Foxpro Version9.0 Updatesp1
Microsoft ≫ Visual Foxpro Version9.0 Updatesp2
Microsoft ≫ Visual Studio Version6.0
Microsoft ≫ Visual Studio .Net Version2002 Updatesp1
Microsoft ≫ Visual Studio .Net Version2003 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 55.92% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/31498
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
http://www.securityfocus.com/bid/30674
http://www.securitytracker.com/id?1020710
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
http://www.vupen.com/english/advisories/2008/2380
http://www.vupen.com/english/advisories/2008/3382
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
https://exchange.xforce.ibmcloud.com/vulnerabilities/44444
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794
https://www.exploit-db.com/exploits/6244
https://www.exploit-db.com/exploits/6317