Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) |
Informations | |||
---|---|---|---|
Name | MS08-070 | First vendor Publication | 2008-12-09 |
Vendor | Microsoft | Last vendor Modification | 2009-02-11 |
Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.2 (February 11, 2009): Clarified the class IDs for two ActiveX controls. First, listed a second class ID in the workaround, "Prevent Windows Common AVI ActiveX Control from running in Internet Explorer," for CVE-2008-4255. Second, listed in the section, Frequently asked questions (FAQ) related to this security update, the class ID for the Winsock Control for which the kill bit is being set as a security-related change to functionality in this update. This is an informational change only. There were no changes to the security update files in this bulletin.Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5651 | |||
Oval ID: | oval:org.mitre.oval:def:5651 | ||
Title: | Charts Control Memory Corruption Vulnerability | ||
Description: | The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4256 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Visual Basic 6.0 Microsoft Visual FoxPro Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2003 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5794 | |||
Oval ID: | oval:org.mitre.oval:def:5794 | ||
Title: | Masked Edit Control Memory Corruption Vulnerability | ||
Description: | Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3704 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Visual Basic 6.0 Microsoft Visual FoxPro Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2003 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5805 | |||
Oval ID: | oval:org.mitre.oval:def:5805 | ||
Title: | Hierarchical FlexGrid Control Memory Corruption Vulnerability | ||
Description: | Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4254 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Basic 6.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5894 | |||
Oval ID: | oval:org.mitre.oval:def:5894 | ||
Title: | DataGrid Control Memory Corruption Vulnerability | ||
Description: | The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4252 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Basic 6.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5994 | |||
Oval ID: | oval:org.mitre.oval:def:5994 | ||
Title: | FlexGrid Control Memory Corruption Vulnerability | ||
Description: | The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4253 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Basic 6.0 Microsoft Project 2003 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6032 | |||
Oval ID: | oval:org.mitre.oval:def:6032 | ||
Title: | Windows Common AVI Parsing Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4255 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Basic 6.0 Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2003 Microsoft Project 2003 Microsoft Project 2007 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 3 | |
Application | 2 | |
Application | 3 | |
Application | 1 | |
Application | 2 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Visual Studio MaskedEdit ActiveX buffer overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-11-24 | Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow |
2008-12-12 | Microsoft Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50581 | Microsoft Visual Basic Charts Control ActiveX (Mschrt20.ocx) Unspecified Memo... |
50580 | Microsoft Visual Basic Animation ActiveX (mscomct2.ocx) AVI Parsing Memory Co... A buffer overflow exists in Visual Basic Animation ActiveX control. mscomct2.ocx fails to validate AVI files resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
50579 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX (mshflxgd.ocx) Multiple ... |
50578 | Microsoft Visual Basic FlexGrid ActiveX (msflxgrd.ocx) Unspecified Memory Cor... A memory corruption flaw exists in several Microsoft products. The FlexGrid ActiveX control fails to validate unspecified content resulting in a memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
50577 | Microsoft Visual Basic DataGrid ActiveX (msdatgrd.ocx) Unspecified Memory Cor... |
47475 | Microsoft Visual Studio Masked Edit Control ActiveX (Msmask32.ocx) Mask Param... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-19 | IAVM : 2009-B-0009 - Microsoft Security Update of ActiveX Kill Bits Severity : Category I - VMSKEY : V0018406 |
2008-12-11 | IAVM : 2008-A-0088 - Multiple Vulnerabilities in Microsoft Visual Basic 6.0 Severity : Category II - VMSKEY : V0017907 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-09-03 | Microsoft Windows Visual Basic Charts ActiveX function call access RuleID : 35423 - Revision : 3 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call access RuleID : 27758 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid access RuleID : 27757 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt RuleID : 23943 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Common Controls Animation Object ActiveX clsid access RuleID : 18601 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX function call unicode access RuleID : 15121 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX function call access RuleID : 15120 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX clsid unicode access RuleID : 15119 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Winsock ActiveX clsid access RuleID : 15118 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt RuleID : 15104 - Revision : 18 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call unicode ac... RuleID : 15103 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call ac... RuleID : 15102 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid unicode access RuleID : 15101 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access RuleID : 15100 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic FlexGrid ActiveX function call unicode access RuleID : 15099 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic FlexGrid ActiveX function call access RuleID : 15098 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic FlexGrid ActiveX clsid unicode access RuleID : 15097 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic FlexGrid ActiveX clsid access RuleID : 15096 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic DataGrid ActiveX function call unicode access RuleID : 15095 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic DataGrid ActiveX function call access RuleID : 15094 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic DataGrid ActiveX clsid unicode access RuleID : 15093 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic DataGrid ActiveX clsid access RuleID : 15092 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Charts ActiveX function call unicode access RuleID : 15091 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Charts ActiveX function call access RuleID : 15090 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Basic Charts ActiveX clsid unicode access RuleID : 15089 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual Basic Charts ActiveX clsid access RuleID : 15088 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Common Controls Animation Object ActiveX function call unicode access RuleID : 15087 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Common Controls Animation Object ActiveX function call access RuleID : 15086 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Common Controls Animation Object ActiveX clsid unicode access RuleID : 15085 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Common Controls Animation Object ActiveX clsid access RuleID : 15084 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call unicode access RuleID : 14024 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX function call access RuleID : 14023 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid unicode access RuleID : 14022 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Visual Studio Msmask32 ActiveX clsid access RuleID : 14021 - Revision : 19 - Type : BROWSER-PLUGINS |
Metasploit Database
id | Description |
---|---|
2008-08-13 | Microsoft Visual Studio Mdmask32.ocx ActiveX Buffer Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-02-11 | Name : The remote Windows host is missing a security update containing ActiveX kill ... File : smb_kb_960715.nasl - Type : ACT_GATHER_INFO |
2008-12-10 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-070.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:12 |
|
2015-09-03 21:24:10 |
|
2014-02-17 11:46:07 |
|
2014-01-19 21:30:16 |
|
2013-11-11 12:41:10 |
|
2013-05-11 00:49:23 |
|