CVE-2008-4252

CWE-2644 documents4 sources
Severity
8.5HIGH
EPSS
57.5%
top 1.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Office FrontpageMicrosoft ProjectMicrosoft Visual Basic+2 more
Timeline
PublishedDec 10
Latest updateMay 2

Description

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages5 packages

NVDmicrosoft/visual_foxpro8.0, 9.0+1
NVDmicrosoft/project2003, 2007+1

🔴Vulnerability Details

2
GHSA
GHSA-5gfr-74f6-qqgh: The DataGrid ActiveX control in Microsoft Visual Basic 62022-05-02
CVEList
CVE-2008-4252: The DataGrid ActiveX control in Microsoft Visual Basic 62008-12-10

💥Exploits & PoCs

1
Exploit-DB
F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service2008-07-31
CVE-2008-4252 (HIGH CVSS 8.5) | The DataGrid ActiveX control in Mic | cvebase.io