CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 09/03/2008
CVE: CVE-2008-3704
BID: 30674
OSVDB: 47475
Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.
A buffer overflow in the MaskedEdit ActiveX control allows command execution when a user loads a web page which invokes this control with a long, specially crafted Mask parameter.
Apply the patch found in Microsoft Security Bulletin 08-070, or set the kill bit for Class ID C932BA85-4374-101B-A56C-00AA003668DC as decribed in Microsoft Knowledge Base Article 240797.
<http://secunia.com/advisories/31498/>
Exploit works on Microsoft Visual Studio 6.0 and requires a user to load the exploit page in Internet Explorer.
Windows