Lucene search

K
saintSAINT CorporationSAINT:7049C6450248508F372085FA3EF3275E
HistorySep 03, 2008 - 12:00 a.m.

Microsoft Visual Studio MaskedEdit ActiveX buffer overflow

2008-09-0300:00:00
SAINT Corporation
download.saintcorporation.com
22

EPSS

0.964

Percentile

99.6%

Added: 09/03/2008
CVE: CVE-2008-3704
BID: 30674
OSVDB: 47475

Background

Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.

Problem

A buffer overflow in the MaskedEdit ActiveX control allows command execution when a user loads a web page which invokes this control with a long, specially crafted Mask parameter.

Resolution

Apply the patch found in Microsoft Security Bulletin 08-070, or set the kill bit for Class ID C932BA85-4374-101B-A56C-00AA003668DC as decribed in Microsoft Knowledge Base Article 240797.

References

<http://secunia.com/advisories/31498/&gt;

Limitations

Exploit works on Microsoft Visual Studio 6.0 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows