PT-2008-5537 · Microsoft · Office FrontPage 2002 +4

Published: 2008-12-10 · Updated: 2018-10-12 · CVE-2008-4253

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Basic 6.0; Visual FoxPro versions 8.0 SP1 through 9.0 SP2; Office FrontPage 2002 SP3; Office Project 2003 SP3

Description: The issue arises from the FlexGrid ActiveX control's failure to properly handle errors when accessing incorrectly initialized objects. This allows remote attackers to execute arbitrary code via a crafted HTML document, potentially corrupting the system state. An attacker could exploit this by constructing a specially crafted Web page, which when viewed by a user, could allow remote code execution. The attacker could gain the same user rights as the logged-on user.

Recommendations: For Microsoft Visual Basic 6.0, update to a version that includes the fix for the FlexGrid ActiveX control issue. For Visual FoxPro versions 8.0 SP1 through 9.0 SP2, apply the necessary patch to resolve the FlexGrid ActiveX control vulnerability. For Office FrontPage 2002 SP3 and Office Project 2003 SP3, consider disabling the FlexGrid ActiveX control as a temporary workaround until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2008-4253

Affected Products

Visual Basic 6.0
Office FrontPage 2002
Office Project
Office Project 2003
Visual FoxPro