CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-4255

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile3.75th
Published2008年12月10日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."

Affected Platforms (CPE)

📦
Microsoft

Office Frontpage

= 2002
📦
Microsoft

Project

= 2003
📦
Microsoft

Project

= 2007
📦
Microsoft

Project

= 2007
📦
Microsoft

Visual Basic

= 6.0
📦
Microsoft

Visual Foxpro

= 8.0
📦
Microsoft

Visual Foxpro

= 9.0
📦
Microsoft

Visual Foxpro

= 9.0
📦
Microsoft

Visual Studio .net

= 2002
📦
Microsoft

Visual Studio .net

= 2003

References & Advisories

🔗 http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl
🔗 http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
🔗 http://www.securityfocus.com/archive/1/499061/100/0/threaded
🔗 http://www.securityfocus.com/bid/32613
🔗 http://www.securitytracker.com/id?1021369
🔗 http://www.us-cert.gov/cas/techalerts/TA08-344A.html
🔗 http://www.vupen.com/english/advisories/2008/3382
🔗 http://www.zerodayinitiative.com/advisories/ZDI-08-083

相關漏洞威脅

CVE-2008-42538.5

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, ...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVE-2008-373710.0

Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier al...

CVE-2008-369510.0

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6...