CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3704

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile17.36th
PublishedAug 18, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Visual Basic

= 6.0
πŸ“¦
Microsoft

Visual Foxpro

= 8.0
πŸ“¦
Microsoft

Visual Foxpro

= 9.0
πŸ“¦
Microsoft

Visual Foxpro

= 9.0
πŸ“¦
Microsoft

Visual Studio

= 6.0
πŸ“¦
Microsoft

Visual Studio .net

= 2002
πŸ“¦
Microsoft

Visual Studio .net

= 2003

References & Advisories

πŸ”— http://secunia.com/advisories/31498
πŸ”— http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
πŸ”— http://www.securityfocus.com/bid/30674
πŸ”— http://www.securitytracker.com/id?1020710
πŸ”— http://www.us-cert.gov/cas/techalerts/TA08-344A.html
πŸ”— http://www.vupen.com/english/advisories/2008/2380
πŸ”— http://www.vupen.com/english/advisories/2008/3382
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070

Related Vulnerabilities

CVE-2003-034710.0

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows rem...

CVE-2006-473210.0

Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certai...

CVE-2000-078810.0

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, ...

CVE-2007-006510.0

Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1...