CVE-2008-4253

N/A Unknown
Published: December 10, 2008 Modified: April 23, 2026
View on NVD

Description

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
Source: secure@microsoft.com
http://www.securityfocus.com/bid/32592
Source: secure@microsoft.com
http://www.securitytracker.com/id?1021369
Source: secure@microsoft.com
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
Source: secure@microsoft.com
US Government Resource
http://www.vupen.com/english/advisories/2008/3382
Source: secure@microsoft.com
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
Source: secure@microsoft.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5994
Source: secure@microsoft.com
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/32592
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1021369
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA08-344A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2008/3382
Source: af854a3a-2127-422b-91ae-364da2661108
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5994
Source: af854a3a-2127-422b-91ae-364da2661108

14 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
57.5%
98th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-399

Affected Vendors

microsoft

Related CVEs

CVE-2026-41044 N/A
CVE-2026-41043 N/A
CVE-2026-40466 N/A
CVE-2025-62233 N/A
CVE-2026-6272 N/A