8.5

CVE-2008-4254

EPSS 55.04%
Published 10.12.2008 14:00:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Frontpage Version2002 Updatesp3

Microsoft ≫ Project Version2003 Updatesp3

Microsoft ≫ Project Version2007

Microsoft ≫ Project Version2007 Updatesp1

Microsoft ≫ Visual Basic Version6.0 Editionruntime_extended_files

Microsoft ≫ Visual Foxpro Version8.0 Updatesp1

Microsoft ≫ Visual Foxpro Version9.0 Updatesp1

Microsoft ≫ Visual Foxpro Version9.0 Updatesp2

Microsoft ≫ Visual Studio .Net Version2002 Updatesp1

Microsoft ≫ Visual Studio .Net Version2003 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	55.04%	0.979

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm

http://www.us-cert.gov/cas/techalerts/TA08-344A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/3382

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070

http://www.securitytracker.com/id?1021369

http://secunia.com/secunia_research/2007-72/

Vendor Advisory

http://www.securityfocus.com/archive/1/499059/100/0/threaded

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5805

https://nvd.nist.gov/vuln/detail/CVE-2008-4254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4254

EUVD