CVE-2008-4252

high Microsoft
CVSS v3 Base Score
8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS Score
57.5%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 10, 2008 (6364 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."

CWE

CWE-264

Affected Products

microsoft office frontpagemicrosoft projectmicrosoft visual basicmicrosoft visual foxpromicrosoft visual studio .net

References

🔗 support.avaya.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov 🔗 www.vupen.com