Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2007-72/
Vulnerable Systems:
* Microsoft Hierarchical FlexGrid Control version 6.0.88.4
The vulnerabilities are caused by integer overflow errors in the ActiveX control (mshflxgd.ocx) when handling the "Rows" and "Cols" properties and the "ExpandAll()" and "CollapseAll()" methods. These can be exploited to corrupt memory.
Successful exploitation allows execution of arbitrary code.
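The bug class named above, shown as an added C illustration that is not code from Secunia, Microsoft or the control itself: a 32-bit size computed from row and column counts wraps, and a checked setter rejects the values before allocating. The advisory does not give the control's internals, so grid_t, CELL_SIZE, the function names and the assumption that the buffer size is a 32-bit product of the two properties are all hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

#define CELL_SIZE 16u  /* assumed per-cell bytes; the control's real layout is not public */

typedef struct {
    uint32_t rows, cols;
    unsigned char *cells;   /* rows * cols * CELL_SIZE bytes */
} grid_t;                   /* hypothetical stand-in for the control's state */

/* Unsafe pattern: the 32-bit product wraps modulo 2^32, so the buffer can be
   far smaller than the rows * cols cells that later code will index. */
uint32_t grid_bytes_unchecked(uint32_t rows, uint32_t cols)
{
    return rows * cols * CELL_SIZE;
}

/* Checked pattern: divide before multiplying so no intermediate can wrap. */
int grid_bytes_checked(uint32_t rows, uint32_t cols, uint32_t *out)
{
    if (rows == 0 || cols == 0)
        return -1;
    if (rows > UINT32_MAX / cols)
        return -1;                          /* rows * cols would wrap */
    if (rows * cols > UINT32_MAX / CELL_SIZE)
        return -1;                          /* cell count * CELL_SIZE would wrap */
    *out = rows * cols * CELL_SIZE;
    return 0;
}

/* Property setter: validate, allocate a zeroed buffer, and only then commit
   the new dimensions, so a rejected value leaves the grid consistent. */
int grid_set_dims(grid_t *g, uint32_t rows, uint32_t cols)
{
    uint32_t bytes;
    unsigned char *p;

    if (grid_bytes_checked(rows, cols, &bytes) != 0)
        return -1;
    p = calloc(1, bytes);
    if (p == NULL)
        return -1;
    free(g->cells);
    g->cells = p;
    g->rows = rows;
    g->cols = cols;
    return 0;
}
```

With the constructed values 0x8001 rows and 0x2000 columns, the unchecked size is only 0x20000 bytes for roughly 268 million cells, while the checked setter refuses the change and keeps the previous dimensions.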
Solution:
Install the Microsoft-provided patch MS08-070 (KB932349): http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx
Time Table:
28/08/2007 - Vendor notified.
28/08/2007 - Vendor response.
26/09/2007 - Additional information provided and status update requested.
26/09/2007 - Vendor informs that status update will be provided soon.
10/10/2007 - Vendor provides status update.
23/11/2007 - Status update requested.
24/11/2007 - Vendor provides status update.
15/08/2008 - Status update requested.
09/09/2008 - Status update requested.
26/09/2008 - Status update requested and vendor informed that advisory will be published in a week if no status update is provided.
29/09/2008 - Vendor provides status update.
31/10/2008 - Vendor provides status update (targeted for November).
07/11/2008 - Vendor provides status update (targeted for December).
05/12/2008 - Vendor provides status update (on track for December).
09/12/2008 - Vendor acknowledges that fix will be issued today.
09/12/2008 - Vendor publishes security bulletin.
09/12/2008 - Public disclosure.
CVE Information:
CVE-2008-4254