{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not \"validating property values with boundary checks,\" as exploited in the wild in August 2008, aka \"Masked Edit Control Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1020710", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020710"}, {"name": "ADV-2008-2380", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2380"}, {"name": "ADV-2008-3382", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3382"}, {"name": "31498", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31498"}, {"name": "oval:org.mitre.oval:def:5794", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"}, {"name": "30674", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30674"}, {"name": "MS08-070", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"}, {"name": "6244", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6244"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"}, {"name": "TA08-344A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "visualstudio-maskededit-bo(44444)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"}, {"name": "6317", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6317"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3704", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not \"validating property values with boundary checks,\" as exploited in the wild in August 2008, aka \"Masked Edit Control Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1020710", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020710"}, {"name": "ADV-2008-2380", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2380"}, {"name": "ADV-2008-3382", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3382"}, {"name": "31498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31498"}, {"name": "oval:org.mitre.oval:def:5794", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"}, {"name": "30674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30674"}, {"name": "MS08-070", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"}, {"name": "6244", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6244"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"}, {"name": "TA08-344A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "visualstudio-maskededit-bo(44444)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"}, {"name": "6317", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6317"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:45:19.094Z"}, "title": "CVE Program Container", "references": [{"name": "1020710", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020710"}, {"name": "ADV-2008-2380", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2380"}, {"name": "ADV-2008-3382", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3382"}, {"name": "31498", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31498"}, {"name": "oval:org.mitre.oval:def:5794", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"}, {"name": "30674", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30674"}, {"name": "MS08-070", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"}, {"name": "6244", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6244"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"}, {"name": "TA08-344A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"name": "visualstudio-maskededit-bo(44444)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"}, {"name": "6317", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6317"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3704", "datePublished": "2008-08-18T19:00:00", "dateReserved": "2008-08-18T00:00:00", "dateUpdated": "2024-08-07T09:45:19.094Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_basic:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "42D281B3-B2E0-4E36-B1BD-83865AE4B3C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "478347F8-6256-4DE6-AD6A-91631A9E6DD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*", "matchCriteriaId": "747E3E3A-85C1-4E55-B7F8-C5207F247498", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*", "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not \"validating property values with boundary checks,\" as exploited in the wild in August 2008, aka \"Masked Edit Control Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el control ActiveX de MaskedEdit en msmask32.ocx versi\u00f3n 6.0.81.69, y posiblemente en otras versiones anteriores a 6.0.84.18, en Visual Studio versi\u00f3n 6.0, Visual Basic versi\u00f3n 6.0, Visual Studio .NET 2002 SP1 y 2003 SP1, y Visual FoxPro versiones 8.0 SP1 y 9.0 SP1 y SP2, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un par\u00e1metro Mask largo, relacionado con la no \"validating property values with boundary checks\", como se explot\u00f3 \u201cin the wild\u201d en Agosto de 2008, tambi\u00e9n se conoce como \"Masked Edit Control Memory Corruption Vulnerability\"."}], "evaluatorComment": "Additional advisory information from Secunia: http://secunia.com/advisories/31498/", "evaluatorSolution": "\"Visual Studio 6 was last updated June 2000, a Microsoft spokeswoman told SCMagazineUS.com. The version is no longer supported. Visual Studio 2008 is the latest release and microsoft encourages users to update to the newest version.\"\r\n\r\nSource: http://www.scmagazineus.com/Microsoft-looks-into-Visual-Studio-bug/article/115459/", "id": "CVE-2008-3704", "lastModified": "2024-11-21T00:49:55.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-08-18T19:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31498"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/30674"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020710"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2380"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3382"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6244"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31498"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/30674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020710"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2380"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6317"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}