What is the severity of CVE-2008-4254?

CVE-2008-4254 is classified as critical due to the potential for remote code execution.

How do I fix CVE-2008-4254?

To fix CVE-2008-4254, apply the latest security updates provided by Microsoft for the affected software versions.

What software is affected by CVE-2008-4254?

CVE-2008-4254 affects Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP1 and SP2, and several versions of Microsoft Visual Studio .NET.

What vulnerabilities does CVE-2008-4254 exploit?

CVE-2008-4254 exploits multiple integer overflow vulnerabilities in the Hierarchical FlexGrid ActiveX control.

Can CVE-2008-4254 be exploited remotely?

Yes, attackers can exploit CVE-2008-4254 remotely by sending specially crafted input to the affected applications.

Vulnerability/
CVE-2008-4254

high

8.5

CWE

189 190

10/12/2008

7/8/2024

CVE-2008-4254: Integer Overflow

First published: Wed Dec 10 2008(Updated: )

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Visual FoxPro	=9.0-sp2
Microsoft Visual Studio	=2003-sp1
Microsoft Visual Studio	=2002-sp1
Microsoft Visual FoxPro	=8.0-sp1
Microsoft Visual Basic SDK	=6.0
Microsoft Project 2013	=2003-sp3
Microsoft Office FrontPage	=2002-sp3
Microsoft Visual FoxPro	=9.0-sp1
Microsoft Project 2013	=2007-sp1
Microsoft Project 2013	=2007

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-4254?
CVE-2008-4254 is classified as critical due to the potential for remote code execution.
How do I fix CVE-2008-4254?
To fix CVE-2008-4254, apply the latest security updates provided by Microsoft for the affected software versions.
What software is affected by CVE-2008-4254?
CVE-2008-4254 affects Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP1 and SP2, and several versions of Microsoft Visual Studio .NET.
What vulnerabilities does CVE-2008-4254 exploit?
CVE-2008-4254 exploits multiple integer overflow vulnerabilities in the Hierarchical FlexGrid ActiveX control.
Can CVE-2008-4254 be exploited remotely?
Yes, attackers can exploit CVE-2008-4254 remotely by sending specially crafted input to the affected applications.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/first-publish-date
agent/description
agent/author
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/microsoft visual foxpro
version/microsoft visual foxpro/9.0-sp2
canonical/microsoft visual studio
version/microsoft visual studio/2003-sp1
version/microsoft visual studio/2002-sp1
version/microsoft visual foxpro/8.0-sp1
canonical/microsoft visual basic sdk
version/microsoft visual basic sdk/6.0
canonical/microsoft project 2013
version/microsoft project 2013/2003-sp3
canonical/microsoft office frontpage
version/microsoft office frontpage/2002-sp3
version/microsoft visual foxpro/9.0-sp1
version/microsoft project 2013/2007-sp1
version/microsoft project 2013/2007