CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4255

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile3.75th
PublishedDec 10, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Office Frontpage

= 2002
πŸ“¦
Microsoft

Project

= 2003
πŸ“¦
Microsoft

Project

= 2007
πŸ“¦
Microsoft

Project

= 2007
πŸ“¦
Microsoft

Visual Basic

= 6.0
πŸ“¦
Microsoft

Visual Foxpro

= 8.0
πŸ“¦
Microsoft

Visual Foxpro

= 9.0
πŸ“¦
Microsoft

Visual Foxpro

= 9.0
πŸ“¦
Microsoft

Visual Studio .net

= 2002
πŸ“¦
Microsoft

Visual Studio .net

= 2003

References & Advisories

πŸ”— http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl
πŸ”— http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
πŸ”— http://www.securityfocus.com/archive/1/499061/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/32613
πŸ”— http://www.securitytracker.com/id?1021369
πŸ”— http://www.us-cert.gov/cas/techalerts/TA08-344A.html
πŸ”— http://www.vupen.com/english/advisories/2008/3382
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-08-083

Related Vulnerabilities

CVE-2008-42538.5

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, ...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.