8.5
CVE-2008-4252
- EPSS 20.98%
- Veröffentlicht 10.12.2008 14:00:00
- Zuletzt bearbeitet 16.06.2026 22:57:29
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Office Frontpage Version2002 Updatesp3
Microsoft ≫ Visual Basic Version6.0 Editionruntime_extended_files
Microsoft ≫ Visual Foxpro Version8.0 Updatesp1
Microsoft ≫ Visual Foxpro Version9.0 Updatesp1
Microsoft ≫ Visual Foxpro Version9.0 Updatesp2
Microsoft ≫ Visual Studio .Net Version2002 Updatesp1
Microsoft ≫ Visual Studio .Net Version2003 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.98% | 0.972 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.5 | 6.8 | 10 |
AV:N/AC:M/Au:S/C:C/I:C/A:C
|
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
http://www.vupen.com/english/advisories/2008/3382
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
http://www.securityfocus.com/bid/32591
http://www.securitytracker.com/id?1021369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894