Back to KEVs

CVE-2008-3704

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft...

Basic Information

CVE State
PUBLISHED
Reserved Date
August 18, 2008
Published Date
August 18, 2008
Last Updated
August 07, 2024
Vendor
Microsoft
Product
Visual Studio
Description
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
Tags
dotnet metasploit_scanner

CVSS Scores

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2008-08-18 19:00:00 UTC) Source

References

http://www.securitytracker.com/id?1020710 http://www.vupen.com/english/advisories/2008/2380 http://www.vupen.com/english/advisories/2008/3382 http://secunia.com/advisories/31498 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794 http://www.securityfocus.com/bid/30674 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070 https://www.exploit-db.com/exploits/6244 http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm http://www.us-cert.gov/cas/techalerts/TA08-344A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/44444 https://www.exploit-db.com/exploits/6317

Known Exploited Vulnerability Information

Source Added Date
CVE 2008-08-18 19:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb 2025-04-29 11:01:32 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ms08_070_visual_studio_msmask

Type: metasploit • Created: Unknown

Metasploit module for CVE-2008-3704

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit