CVE-2008-4252
First published: Wed Dec 10 2008(Updated: )
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office FrontPage | =2002-sp3 | |
| Microsoft Project 2013 | =2003-sp3 | |
| Microsoft Project 2013 | =2007 | |
| Microsoft Project 2013 | =2007-sp1 | |
| Microsoft Visual Basic SDK | =6.0 | |
| Microsoft Visual FoxPro | =8.0-sp1 | |
| Microsoft Visual FoxPro | =9.0-sp1 | |
| Microsoft Visual FoxPro | =9.0-sp2 | |
| Microsoft Visual Studio | =2002-sp1 | |
| Microsoft Visual Studio | =2003-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA08-344A.html
- http://www.securitytracker.com/id?1021369
- http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
- http://www.securityfocus.com/bid/32591
- http://www.vupen.com/english/advisories/2008/3382
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5894
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
Frequently Asked Questions
What is the severity of CVE-2008-4252?
CVE-2008-4252 is rated as critical, allowing remote code execution due to improper error handling.
How do I fix CVE-2008-4252?
To fix CVE-2008-4252, ensure that all affected Microsoft software is updated with the latest security patches.
Which software applications are affected by CVE-2008-4252?
CVE-2008-4252 affects Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1, 9.0 SP1, 9.0 SP2, and various versions of Microsoft Office and Project.
Can CVE-2008-4252 allow an attacker to access local files?
Yes, through remote code execution, CVE-2008-4252 can potentially give attackers access to local files.
What types of attacks can be executed using CVE-2008-4252?
CVE-2008-4252 can be exploited to execute arbitrary code via crafted HTML documents.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/microsoft
- canonical/microsoft office frontpage
- version/microsoft office frontpage/2002-sp3
- canonical/microsoft project 2013
- version/microsoft project 2013/2003-sp3
- version/microsoft project 2013/2007
- version/microsoft project 2013/2007-sp1
- canonical/microsoft visual basic sdk
- version/microsoft visual basic sdk/6.0
- canonical/microsoft visual foxpro
- version/microsoft visual foxpro/8.0-sp1
- version/microsoft visual foxpro/9.0-sp1
- version/microsoft visual foxpro/9.0-sp2
- canonical/microsoft visual studio
- version/microsoft visual studio/2002-sp1
- version/microsoft visual studio/2003-sp1