Microsoft Visual Studio MaskedEdit ActiveX buffer overflow

Added: 09/03/2008
CVE: CVE-2008-3704
BID: 30674
OSVDB: 47475

Background

Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.

Problem

A buffer overflow in the MaskedEdit ActiveX control allows command execution when a user loads a web page which invokes this control with a long, specially crafted Mask parameter.

Resolution

Apply the patch found in Microsoft Security Bulletin 08-070, or set the kill bit for Class ID C932BA85-4374-101B-A56C-00AA003668DC as described in Microsoft Knowledge Base Article 240797.
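
The kill-bit mitigation above, as an added example that is not part of the original advisory: a PowerShell script that audits the kill bit for the listed Class ID and sets it when run elevated with -Apply. The registry location and the 0x400 Compatibility Flags value are the ones documented in KB 240797; the function names and the -Apply switch are this example's own.

```powershell
# Audit (default) or set (-Apply) the IE kill bit for the MaskedEdit control.
# Writing under HKLM requires an elevated session.
param([switch]$Apply)

$Clsid   = '{C932BA85-4374-101B-A56C-00AA003668DC}'   # Class ID from the advisory
$KillBit = 0x400                                      # kill-bit flag per KB 240797
$Name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    param([string]$Key)
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$Name
}

function Test-KillBit {
    param([string]$Key)
    return ((Get-CompatFlags $Key) -band $KillBit) -eq $KillBit
}

function Set-KillBit {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    # OR the bit in so any other compatibility flags already present are preserved.
    $new = (Get-CompatFlags $Key) -bor $KillBit
    Set-ItemProperty -LiteralPath $Key -Name $Name -Value $new -Type DWord
}

foreach ($root in $Roots) {
    # Skip a view that does not exist on this machine (no Wow6432Node on 32-bit Windows).
    if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
    $key = Join-Path $root $Clsid
    if (Test-KillBit $key) {
        Write-Output "OK       kill bit set: $key"
    } elseif ($Apply) {
        Set-KillBit $key
        Write-Output "FIXED    kill bit set: $key"
    } else {
        Write-Output "MISSING  kill bit not set: $key"
    }
}
```

The kill bit only stops Internet Explorer from instantiating the control; applying the bulletin's patch remains the fix for the control itself.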

References

http://secunia.com/advisories/31498/

Limitations

Exploit works on Microsoft Visual Studio 6.0 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
