Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4255

CWE-119Buffer Overflow4 documents4 sources
Severity
9.3CRITICAL
EPSS
65.7%
top 1.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Microsoft Office FrontpageMicrosoft ProjectMicrosoft Visual Basic+2 more
Timeline
PublishedDec 10
Latest updateMay 2

Description

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

NVDmicrosoft/visual_foxpro8.0, 9.0+1
NVDmicrosoft/project2003, 2007+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-7mp9-mc39-h253: Heap-based buffer overflow in mscomct22022-05-02
CVEList
CVE-2008-4255: Heap-based buffer overflow in mscomct22008-12-10

💥Exploits & PoCs

1
Exploit-DB
Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)2008-12-12
CVE-2008-4255 (CRITICAL CVSS 9.3) | Heap-based buffer overflow in mscom | cvebase.io