Release DateSep 23, 2008 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems.Denial of Service: Remote attackers can crash vulnerable systems. |
DescriptionThis indicates a possible attempt to exploit a stack-based buffer-overflow in Microsoft Visual Studio.The vulnerability is located in the "Msmask32.ocx" ActiveX control through miss-use of "Mask" parameter. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition. |
Affected ProductsMicrosoft Msmask32.ocx 6.0.81 69 |
Recommended ActionsApply the latest update from the vendor.http://msdn.microsoft.com/en-us/vstudio/default.aspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-3704 |
Reference/shttp://milw0rm.com/exploits/6317http://www.frsirt.com/english/advisories/2008/2380 (FrSIRT) http://www.securityfocus.com/bid/30674 (BugTraq) http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx (MS-ID) |
