CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-3704

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile17.36th
Published2008年8月18日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

Visual Basic

= 6.0
📦
Microsoft

Visual Foxpro

= 8.0
📦
Microsoft

Visual Foxpro

= 9.0
📦
Microsoft

Visual Foxpro

= 9.0
📦
Microsoft

Visual Studio

= 6.0
📦
Microsoft

Visual Studio .net

= 2002
📦
Microsoft

Visual Studio .net

= 2003

References & Advisories

🔗 http://secunia.com/advisories/31498
🔗 http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
🔗 http://www.securityfocus.com/bid/30674
🔗 http://www.securitytracker.com/id?1020710
🔗 http://www.us-cert.gov/cas/techalerts/TA08-344A.html
🔗 http://www.vupen.com/english/advisories/2008/2380
🔗 http://www.vupen.com/english/advisories/2008/3382
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070

相关漏洞威胁

CVE-2003-034710.0

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows rem...

CVE-2006-473210.0

Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certai...

CVE-2000-078810.0

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, ...

CVE-2007-006510.0

Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1...