CVE-2008-3704

High PUBLISHED

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft...

Microsoft · Visual Studio

Not yet in CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.3 High

At a Glance

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."

metasploit dotnet
CVE Published
Aug 18, 2008
Exploitation Reported
Aug 18, 2008
CVSS
9.3 High
EPSS
Remote Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • MS08-070 docs.microsoft.com · Vendor Advisory https://docs.microsoft.com/en-us/security-updates/securitybulletins/2...
  • 31498 secunia.com · Third-Party Advisory http://secunia.com/advisories/31498
  • TA08-344A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA08-344A.html
  • 6244 exploit-db.com · Exploit https://www.exploit-db.com/exploits/6244
  • 6317 exploit-db.com · Exploit https://www.exploit-db.com/exploits/6317
Show 7 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.