(MS08-070) Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

Vulnerability Identifier: CVE-2008-4252; CVE-2008-4253; CVE-2008-4254; CVE-2008-4255; CVE-2008-4256; CVE-2008-3704

Discovery Date: Dec 9, 2008

Risk: Critical

Affected Software:

Microsoft Office FrontPage 2002 Service Pack 3
Microsoft Office Project 2003 Service Pack 3
Microsoft Office Project 2007
Microsoft Office Project 2007 Service Pack 1
Microsoft Visual Basic 6.0 Runtime Extended Files
Microsoft Visual FoxPro 8.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 2
Microsoft Visual Studio .NET 2002 Service Pack 1
Microsoft Visual Studio .NET 2003 Service Pack 1

Description:

This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch Information:

Patches for this vulnerability can be downloaded on this Microsoft Web page.

Search for another Security Advisory