CVE-2008-4254

CWE-1893 documents3 sources

Severity

8.5HIGH

EPSS

55.0%

top 1.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Frontpage Microsoft Project Microsoft Visual Basic +2 more

Timeline

PublishedDec 10

Latest updateMay 2

Description

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages5 packages

▶NVDmicrosoft/visual_basic6.0

▶NVDmicrosoft/visual_foxpro8.0, 9.0+1

▶NVDmicrosoft/visual_studio_.net2002, 2003+1

▶NVDmicrosoft/project2003, 2007+1

▶NVDmicrosoft/office_frontpage2002

🔴Vulnerability Details

GHSA

GHSA-rf6m-j87j-jhvr: Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd↗2022-05-02

▶

CVEList

CVE-2008-4254: Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd↗2008-12-10

▶