ID CVE-2008-4256
Summary The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 12-10-2018 - 21:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
oval via4
accepted 2012-11-12T04:00:32.568-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Pradeep R B
    organization SecPod Technologies
  • name Pradeep R B
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Visual Studio .NET 2002 SP1 is installed
    oval oval:org.mitre.oval:def:981
  • comment Microsoft Visual Studio .NET 2003 SP1 is installed
    oval oval:org.mitre.oval:def:168
  • comment Microsoft Visual FoxPro is installed
    oval oval:org.mitre.oval:def:14198
  • comment Microsoft Visual Basic 6.0 is installed
    oval oval:org.mitre.oval:def:15369
description The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:5651
status accepted
submitted 2008-12-09T13:31:00
title Charts Control Memory Corruption Vulnerability
version 67
refmap via4
bid 32614
cert TA08-344A
confirm http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
ms MS08-070
sectrack 1021369
vupen ADV-2008-3382
Last major update 12-10-2018 - 21:48
Published 10-12-2008 - 14:00
Back to Top