CVE-2008-4254

high Microsoft
CVSS v3 Base Score
8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS Score
55.0%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 10, 2008 (6364 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

CWE

CWE-189

Affected Products

microsoft office frontpagemicrosoft projectmicrosoft visual basicmicrosoft visual foxpromicrosoft visual studio .net

References

🔗 secunia.com 🔗 support.avaya.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov