Lucene search

K

MicrosoftCVELIST:CVE-2008-4255

HistoryDec 10, 2008 - 1:33 p.m.

CVE-2008-4255

2008-12-1013:33:00

microsoft

www.cve.org

7.8 High

AI Score

Confidence

Low

0.966 High

EPSS

Percentile

99.6%

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an “allocation error” and memory corruption, aka “Windows Common AVI Parsing Overflow Vulnerability.”

References

downloads.securityfocus.com/vulnerabilities/exploits/32613.pl

support.avaya.com/elmodocs2/security/ASA-2008-473.htm

www.securityfocus.com/archive/1/499061/100/0/threaded

www.securityfocus.com/bid/32613

www.securitytracker.com/id?1021369

www.us-cert.gov/cas/techalerts/TA08-344A.html

www.vupen.com/english/advisories/2008/3382

www.zerodayinitiative.com/advisories/ZDI-08-083

www.zerodayinitiative.com/advisories/ZDI-08-083/

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6032

7.8 High

AI Score

Confidence

Low

0.966 High

EPSS

Percentile

99.6%

Related for CVELIST:CVE-2008-4255

exploitpack1 packetstorm1 seebug2 cve1 zdi1 checkpoint_advisories2 nvd1 securityvulns3 prion1 exploitdb1 mskb1 nessus2