Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-4255
HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-4255

2008-12-1014:00:00
CWE-119
[email protected]
web.nvd.nist.gov
37
cve-2008-4255
buffer overflow
activex
microsoft visual basic
vulnerability
security advisory

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.966 High

EPSS

Percentile

99.6%

JSON

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an “allocation error” and memory corruption, aka “Windows Common AVI Parsing Overflow Vulnerability.”

Affected configurations

NVD
Node
microsoftoffice_frontpageMatch2002sp3
OR
microsoftprojectMatch2003sp3
OR
microsoftprojectMatch2007
OR
microsoftprojectMatch2007sp1
OR
microsoftvisual_basicMatch6.0runtime_extended_files
OR
microsoftvisual_foxproMatch8.0sp1
OR
microsoftvisual_foxproMatch9.0sp1
OR
microsoftvisual_foxproMatch9.0sp2
OR
microsoftvisual_studio_.netMatch2002sp1
OR
microsoftvisual_studio_.netMatch2003sp1

Related

seebug 2
cvelist 1
securityvulns 3
prion 1
nvd 1
packetstorm 1
exploitpack 1
zdi 1
checkpoint_advisories 2
exploitdb 1
mskb 1
nessus 2
seebug
seebug
MS Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC
2008-12-13 00:00:00
Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability(MS08-070)
2008-12-10 00:00:00
cvelist
cvelist
CVE-2008-4255
2008-12-10 13:33:00
securityvulns
securityvulns
ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
2008-12-10 00:00:00
Microsoft Visual Basic multiple ActiveX security vulnerabilities
2008-12-10 00:00:00
Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
2008-12-10 00:00:00
prion
prion
Heap overflow
2008-12-10 14:00:00
nvd
nvd
CVE-2008-4255
2008-12-10 14:00:00
packetstorm
packetstorm
Microsoft Visual Basic ActiveX Buffer Overflow
2008-12-12 00:00:00
exploitpack
exploitpack
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)
2008-12-12 00:00:00
zdi
zdi
Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
2008-12-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft VB Common Controls Animation Object Buffer Overflow (MS08-070; CVE-2008-4255)
2009-12-13 00:00:00
Microsoft Visual Basic ActiveX Controls Remote Code Execution (MS08-070; CVE-2008-3704; CVE-2008-4252; CVE-2008-4253; CVE-2008-4254; CVE-2008-4255; CVE-2008-4256)
2008-11-11 00:00:00
exploitdb
exploitdb
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)
2008-12-12 00:00:00
mskb
mskb
MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) could allow remote code execution
2018-04-24 19:15:57
nessus
nessus
MS KB960715: Cumulative Security Update of ActiveX Kill Bits
2009-02-11 00:00:00
MS08-070: Vulnerabilities in Visual Basic 6.0 ActiveX Controls Could Allow Remote Code Execution (932349)
2008-12-10 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.966 High

EPSS

Percentile

99.6%

JSON
Related for CVE-2008-4255
seebug2cvelist1securityvulns3prion1nvd1packetstorm1exploitpack1zdi1checkpoint_advisories2exploitdb1mskb1nessus2