|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-05 | |
| Rule Name: | Microsoft Visual Basic 6.0 Charts ActiveX Control DoSetCursor Parameter Memory Corruption Vulnerability (CVE-2008-4256) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:32614 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm SecurityTrackerID:1021369 |
|
| Solutions |
|---|
| Microsoft has released a patch MS08-070 to eliminate the vulnerability. The patch can be downloaded at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 |