← Back

CVE-2008-4254

nvd nist
Published: Dec 10, 2008Modified: Apr 23, 2026

JSON object

Loading...
8.5
Vector
AV:N/AC:M/Au:S/C:C/I:C/A:C
Exploitability: 6.8 / Impact: 10.0
Source: NVD

Description

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

Affected (10)

Microsoft
5 products
Office Frontpage
Project
Visual Basic
Visual Foxpro
Visual Studio .net
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Office Frontpage
Version 2002 sp3
Microsoft
Project
Version 2003 sp3
Project
Version 2007
Project
Version 2007 sp1
Visual Basic
Version 6.0
Microsoft
Visual Foxpro
Version 8.0 sp1
Visual Foxpro
Version 9.0 sp1
Visual Foxpro
Version 9.0 sp2
Microsoft
Visual Studio .net
Version 2002 sp1
Visual Studio .net
Version 2003 sp1

Related CWEs

CWE-189
CWE-189

References (16)

Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.