| Name | MS.Visual.Studio.Msmask32.ActiveX.Control.Access |
| Release Date | Sep 23, 2008 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems. |
| Description | This indicates a possible attempt to exploit a stack-based buffer-overflow in Microsoft Visual Studio.
The vulnerability is located in the "Msmask32.ocx" ActiveX control through
miss-use of "Mask" parameter. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition. |
| Affected Products | Microsoft Msmask32.ocx 6.0.81 69 |
| Recommended Actions | Apply the latest update from the vendor.
http://msdn.microsoft.com/en-us/vstudio/default.aspx |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3704
|
| Microsoft Bulletin ID | MS08-070 http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx |
| Reference/s | http://www.securityfocus.com/bid/30674 (BugTraq)
http://www.vupen.com/english/advisories/2008/2380 (FrSIRT)
http://milw0rm.com/exploits/6317
|