This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2008-12-10
Product Office Frontpage Last view 2008-12-10
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:office_frontpage:2002:sp3:*:*:*:*:*:* 5

Related : CVE

  Date Alert Description
8.5 2008-12-10 CVE-2008-4256

The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
9.3 2008-12-10 CVE-2008-4255

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
8.5 2008-12-10 CVE-2008-4254

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
8.5 2008-12-10 CVE-2008-4253

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
8.5 2008-12-10 CVE-2008-4252

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-399 Resource Management Errors
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-189 Numeric Errors
20% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:5894 DataGrid Control Memory Corruption Vulnerability
oval:org.mitre.oval:def:5994 FlexGrid Control Memory Corruption Vulnerability
oval:org.mitre.oval:def:5805 Hierarchical FlexGrid Control Memory Corruption Vulnerability
oval:org.mitre.oval:def:6032 Windows Common AVI Parsing Overflow Vulnerability
oval:org.mitre.oval:def:5651 Charts Control Memory Corruption Vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
50581 Microsoft Visual Basic Charts Control ActiveX (Mschrt20.ocx) Unspecified Memo...
50580 Microsoft Visual Basic Animation ActiveX (mscomct2.ocx) AVI Parsing Memory Co...
50579 Microsoft Visual Basic Hierarchical FlexGrid ActiveX (mshflxgd.ocx) Multiple ...
50578 Microsoft Visual Basic FlexGrid ActiveX (msflxgrd.ocx) Unspecified Memory Cor...
50577 Microsoft Visual Basic DataGrid ActiveX (msdatgrd.ocx) Unspecified Memory Cor...

ExploitDB Exploits

id Description
7431 Microsoft Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC

Information Assurance Vulnerability Management (IAVM)

id Description
2009-B-0009 Microsoft Security Update of ActiveX Kill Bits
Severity: Category I - VMSKEY: V0018406
2008-A-0088 Multiple Vulnerabilities in Microsoft Visual Basic 6.0
Severity: Category II - VMSKEY: V0017907

Snort® IPS/IDS

Date Description
2015-09-03 Microsoft Windows Visual Basic Charts ActiveX function call access
RuleID : 35423 - Type : BROWSER-PLUGINS - Revision : 3
2014-01-10 Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt
RuleID : 23943 - Type : FILE-MULTIMEDIA - Revision : 5
2014-01-10 Microsoft Common Controls Animation Object ActiveX clsid access
RuleID : 18601 - Type : BROWSER-PLUGINS - Revision : 9
2014-01-10 Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt
RuleID : 15104 - Type : FILE-MULTIMEDIA - Revision : 18
2014-01-10 Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call unicode ac...
RuleID : 15103 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call ac...
RuleID : 15102 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid unicode access
RuleID : 15101 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access
RuleID : 15100 - Type : BROWSER-PLUGINS - Revision : 14
2014-01-10 Microsoft Visual Basic FlexGrid ActiveX function call unicode access
RuleID : 15099 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic FlexGrid ActiveX function call access
RuleID : 15098 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 Microsoft Visual Basic FlexGrid ActiveX clsid unicode access
RuleID : 15097 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic FlexGrid ActiveX clsid access
RuleID : 15096 - Type : BROWSER-PLUGINS - Revision : 10
2014-01-10 Microsoft Visual Basic DataGrid ActiveX function call unicode access
RuleID : 15095 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic DataGrid ActiveX function call access
RuleID : 15094 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Visual Basic DataGrid ActiveX clsid unicode access
RuleID : 15093 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic DataGrid ActiveX clsid access
RuleID : 15092 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Visual Basic Charts ActiveX function call unicode access
RuleID : 15091 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic Charts ActiveX function call access
RuleID : 15090 - Type : BROWSER-PLUGINS - Revision : 13
2014-01-10 Microsoft Visual Basic Charts ActiveX clsid unicode access
RuleID : 15089 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Visual Basic Charts ActiveX clsid access
RuleID : 15088 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Common Controls Animation Object ActiveX function call unicode access
RuleID : 15087 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Common Controls Animation Object ActiveX function call access
RuleID : 15086 - Type : BROWSER-PLUGINS - Revision : 10
2014-01-10 Microsoft Common Controls Animation Object ActiveX clsid unicode access
RuleID : 15085 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Windows Common Controls Animation Object ActiveX clsid access
RuleID : 15084 - Type : BROWSER-PLUGINS - Revision : 10

Nessus® Vulnerability Scanner

id Description
2009-02-11 Name: The remote Windows host is missing a security update containing ActiveX kill ...
File: smb_kb_960715.nasl - Type: ACT_GATHER_INFO
2008-12-10 Name: Arbitrary code can be executed on the remote host through the web client.
File: smb_nt_ms08-070.nasl - Type: ACT_GATHER_INFO