← Back

CVE-2008-4252

nvd nist
Published: Dec 10, 2008Modified: Apr 23, 2026

JSON object

Loading...
8.5
Vector
AV:N/AC:M/Au:S/C:C/I:C/A:C
Exploitability: 6.8 / Impact: 10.0
Source: NVD

Description

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."

Affected (10)

Microsoft
5 products
Office Frontpage
Project
Visual Basic
Visual Foxpro
Visual Studio .net
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Office Frontpage
Version 2002 sp3
Microsoft
Project
Version 2003 sp3
Project
Version 2007
Project
Version 2007 sp1
Visual Basic
Version 6.0
Microsoft
Visual Foxpro
Version 8.0 sp1
Visual Foxpro
Version 9.0 sp1
Visual Foxpro
Version 9.0 sp2
Microsoft
Visual Studio .net
Version 2002 sp1
Visual Studio .net
Version 2003 sp1

Related CWEs

CWE-264
CWE-264

References (14)

Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.