CVE-2008-3704 - OpenCVE

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Visual Studio .net Visual Studio Visual Foxpro Visual Basic

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:visual_basic:6.0:::::::*
	cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1::::::
	cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1::::::
	cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2::::::
	cpe:2.3:a:microsoft:visual_studio:6.0:::::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1::::::
	cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1::::::

References

Link	Resource
http://secunia.com/advisories/31498	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
http://www.securityfocus.com/bid/30674	Exploit Patch
http://www.securitytracker.com/id?1020710
http://www.us-cert.gov/cas/techalerts/TA08-344A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/2380	Vendor Advisory
http://www.vupen.com/english/advisories/2008/3382	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
https://exchange.xforce.ibmcloud.com/vulnerabilities/44444
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794
https://www.exploit-db.com/exploits/6244
https://www.exploit-db.com/exploits/6317