CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS08-070 | Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) | Microsoft Office | Critical | 10-12-2008 |
Technical Information
Brief overview of the risk:
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content.
Detailed Information on the risk:
A remote code execution vulnerability exists in the DataGrid ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Further information on this exploit is available at : MS08-070
Affected Software
Microsoft Office FrontPage 2002 Service Pack 3Microsoft Office Project 2003 Service Pack 3
Microsoft Office Project 2007
Microsoft Office Project 2007 Service Pack 1
Microsoft Visual Basic 6.0 Runtime Extended Files
Microsoft Visual FoxPro 8.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 2
Microsoft Visual Studio .NET 2002 Service Pack 1
Microsoft Visual Studio .NET 2003 Service Pack 1