CVE-2008-4256

CWE-3993 documents3 sources
Severity
8.5HIGH
EPSS
57.5%
top 1.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Office FrontpageMicrosoft ProjectMicrosoft Visual Basic+2 more
Timeline
PublishedDec 10
Latest updateMay 2

Description

The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages5 packages

NVDmicrosoft/visual_foxpro8.0, 9.0+1
NVDmicrosoft/project2003, 2007+1

🔴Vulnerability Details

2
GHSA
GHSA-pg8f-wfqr-44ph: The Charts ActiveX control in Microsoft Visual Basic 62022-05-02
CVEList
CVE-2008-4256: The Charts ActiveX control in Microsoft Visual Basic 62008-12-10
CVE-2008-4256 (HIGH CVSS 8.5) | The Charts ActiveX control in Micro | cvebase.io