PT-2008-5538 · Microsoft · Visual Basic 6.0

Carsten Eiram · Published 2008-12-10 · Updated 2018-10-12 · CVE-2008-4254

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Visual Basic 6.0; Microsoft Visual FoxPro versions 8.0 SP1 through 9.0 SP2
Description: The issue is caused by multiple integer overflows in the Hierarchical FlexGrid ActiveX control, which allow remote attackers to execute arbitrary code. This is achieved by supplying crafted values for properties, such as Rows and Cols, that are used by the ExpandAll and CollapseAll methods. Exploitation is linked to access of incorrectly initialized objects and corruption of the system state.
Recommendations: For Microsoft Visual Basic 6.0 and for Microsoft Visual FoxPro versions 8.0 SP1 through 9.0 SP2, update to a version that includes the fix for the Hierarchical FlexGrid Control Memory Corruption issue. As a temporary workaround, consider restricting access to the Hierarchical FlexGrid ActiveX control until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-4254

Affected Products

Hierarchical FlexGrid ActiveX Control
Visual Basic 6.0
Visual FoxPro