CVE-2008-4255

CVSS V2 High 9.3 CVSS V3 None
Description
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
Overview
  • CVE ID
  • CVE-2008-4255
  • Assigner
  • secure@microsoft.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-12-10T14:00:00
  • Last Modified Date
  • 2018-10-12T21:48:46
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:project:2007:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:project:2007:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:visual_basic:6.0:*:runtime_extended_files:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl Exploit
http://www.zerodayinitiative.com/advisories/ZDI-08-083/
http://www.securityfocus.com/bid/32613 Patch
http://www.us-cert.gov/cas/techalerts/TA08-344A.html US Government Resource
http://www.securitytracker.com/id?1021369
http://www.zerodayinitiative.com/advisories/ZDI-08-083
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
http://www.vupen.com/english/advisories/2008/3382 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6032
http://www.securityfocus.com/archive/1/499061/100/0/threaded
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-4255
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4255
History
Created Old Value New Value Data Type Notes
2022-05-10 18:24:57 Added to TrackCVE