CVE-2008-4253

CWE-3993 documents3 sources
Severity
8.5HIGH
EPSS
57.5%
top 1.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Office FrontpageMicrosoft ProjectMicrosoft Visual Basic+2 more
Timeline
PublishedDec 10
Latest updateMay 2

Description

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages5 packages

NVDmicrosoft/visual_foxpro8.0, 9.0+1
NVDmicrosoft/project2003, 2007+1

🔴Vulnerability Details

2
GHSA
GHSA-xqjc-xc2g-945f: The FlexGrid ActiveX control in Microsoft Visual Basic 62022-05-02
CVEList
CVE-2008-4253: The FlexGrid ActiveX control in Microsoft Visual Basic 62008-12-10
CVE-2008-4253 (HIGH CVSS 8.5) | The FlexGrid ActiveX control in Mic | cvebase.io