Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-3704 | First vendor Publication | 2008-08-18 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3704 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5794 | |||
| Oval ID: | oval:org.mitre.oval:def:5794 | ||
| Title: | Masked Edit Control Memory Corruption Vulnerability | ||
| Description: | Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3704 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Visual Basic 6.0 Microsoft Visual FoxPro Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2003 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 3 | |
| Application | 1 | |
| Application | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Visual Studio MaskedEdit ActiveX buffer overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-11-24 | Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 47475 | Microsoft Visual Studio Masked Edit Control ActiveX (Msmask32.ocx) Mask Param... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-02-19 | IAVM : 2009-B-0009 - Microsoft Security Update of ActiveX Kill Bits Severity : Category I - VMSKEY : V0018406 |
| 2008-12-11 | IAVM : 2008-A-0088 - Multiple Vulnerabilities in Microsoft Visual Basic 6.0 Severity : Category II - VMSKEY : V0017907 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-09-03 | Microsoft Windows Visual Basic Charts ActiveX function call access RuleID : 35423 - Revision : 3 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call access RuleID : 27758 - Revision : 4 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid access RuleID : 27757 - Revision : 4 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt RuleID : 23943 - Revision : 5 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Visual Basic Winsock ActiveX function call unicode access RuleID : 15121 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic Winsock ActiveX function call access RuleID : 15120 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic Winsock ActiveX clsid unicode access RuleID : 15119 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic Winsock ActiveX clsid access RuleID : 15118 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt RuleID : 15104 - Revision : 18 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call unicode ac... RuleID : 15103 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call ac... RuleID : 15102 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid unicode access RuleID : 15101 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access RuleID : 15100 - Revision : 14 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic FlexGrid ActiveX function call unicode access RuleID : 15099 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic FlexGrid ActiveX function call access RuleID : 15098 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic FlexGrid ActiveX clsid unicode access RuleID : 15097 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic FlexGrid ActiveX clsid access RuleID : 15096 - Revision : 10 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic DataGrid ActiveX function call unicode access RuleID : 15095 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic DataGrid ActiveX function call access RuleID : 15094 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic DataGrid ActiveX clsid unicode access RuleID : 15093 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic DataGrid ActiveX clsid access RuleID : 15092 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic Charts ActiveX function call unicode access RuleID : 15091 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic Charts ActiveX function call access RuleID : 15090 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic Charts ActiveX clsid unicode access RuleID : 15089 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Visual Basic Charts ActiveX clsid access RuleID : 15088 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Common Controls Animation Object ActiveX function call unicode access RuleID : 15087 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Common Controls Animation Object ActiveX function call access RuleID : 15086 - Revision : 10 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Common Controls Animation Object ActiveX clsid unicode access RuleID : 15085 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Windows Common Controls Animation Object ActiveX clsid access RuleID : 15084 - Revision : 10 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call unicode access RuleID : 14024 - Revision : 9 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call access RuleID : 14023 - Revision : 16 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid unicode access RuleID : 14022 - Revision : 9 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid access RuleID : 14021 - Revision : 19 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-12-10 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-070.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:13:41 |
|
| 2024-11-28 12:16:19 |
|
| 2021-05-04 12:07:56 |
|
| 2021-04-22 01:08:17 |
|
| 2020-05-23 13:16:51 |
|
| 2020-05-23 00:22:08 |
|
| 2018-10-13 00:22:43 |
|
| 2017-09-29 09:23:41 |
|
| 2017-08-08 09:24:19 |
|
| 2016-04-26 17:44:59 |
|
| 2014-02-17 10:46:10 |
|
| 2014-01-19 21:25:11 |
|
| 2013-11-11 12:38:01 |
|
| 2013-05-11 00:24:16 |
|
