Vulnerabilities

The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic 6.0 and... (PC1-2008-0993)

Vulnerability chart	Risk level Low Medium High Extreme Severe Warning: security vulnerability level = severe 6 vulnerabilities(-y) found between 12 September, 2002 and 10 December, 2008. Visual FoxPro 9.0 points to a data-centric object-oriented and procedural... more Risk level Low Medium High Extreme Severe Warning: security vulnerability level = severe 19 vulnerabilities(-y) found between 14 September, 2003 and 10 December, 2008. Visual Basic (VB) refers to the third-generation event-driven programming... more See also: Visual Basic 1386 files found: MQAPITST.EXE, dac.exe, pws.exe, mdac_typ.exe, mtxtstop.exe, cabarc.exe, vbbank.exe, odbcsp32.exe, MSJavx86.exe, inetmgr.exe, OUTEMERG.EXE, MigRepV2.exe, oleview.exe, DUMPIS.EXE, mtxstop.exe... more The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects.
Remote Access Unknown patch availability Patch implementation unknown

Description:	By usinf this type of vulnerability, remote attackers are able to execute arbitrary code. They might be able to execute such attack through a crafted HTML document, associated corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
Impact:	With the help of this type of vulnerability, remote attackers are enabled to make changes without any authorization and break up a service.
References:	http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

CVSS Severity		CVSS Version 2 Metrics:
CVSS v2 Base Score:	8.5 (HIGH)	Access Vector:	N/A
Impact Subscore:	10.0	Access Complexity:	Medium
Exploitability Subscore:	6.8	Authentication:	Required to exploit
		Impact Type:	; Allows unauthorized modification; Allows disruption of service