PT-2008-5431 · Componentone · Vsflexgrid
Published: 2008-09-19 · Updated: 2017-08-08 · CVE-2008-4132
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ComponentOne VSFlexGrid versions 7.0.1.151 through 8.0.20072.239
Description
The issue is related to a stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control. This can be exploited by remote attackers to execute arbitrary code via a long first argument to the Archive method.
Recommendations
For versions 7.0.1.151 through 8.0.20072.239, consider disabling the Archive method in the VSFlexGrid.VSFlexGridL ActiveX control as a temporary workaround until a patch is available. Restrict access to this control to minimize the risk of exploitation.
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Vsflexgrid