=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN570
_____________________________________________________________________

DATE                      : 10/12/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Visual Basic 6.0.

======================================================================
KB932349
http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-070 - Critical
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls)
Could Allow Remote Code Execution (932349)

   Published: December 9, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves five privately reported vulnerabilities and
   one publicly disclosed vulnerability in the ActiveX controls for the
   Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities
   could allow remote code execution if a user browsed a Web site that contains
   specially crafted content. Users whose accounts are configured to have fewer
   user rights on the system could be less impacted than users who operate with
   administrative user rights.

   This security update is rated Critical for supported components of the
   Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of
   Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003,
   Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office
   Project 2003, Microsoft Office Project 2007; and the Chinese Simplified
   (China), Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean
   versions of Microsoft Office FrontPage 2002. For more information, see the
   subsection, Affected and Non-Affected Software, in this section.

   The security update addresses the vulnerabilities by improving validation
   and error handling within the ActiveX controls. For more information about
   the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for
   the specific vulnerability entry under the next section, Vulnerability
   Information.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

   Known Issues. Microsoft Knowledge Base Article 932349 documents the
   currently known issues that customers may experience when installing this
   security update. The article also documents recommended solutions for these
   issues.

Affected Software

   Microsoft Visual Basic 6.0 Runtime Extended Files	

   Microsoft Visual Studio .NET 2002 Service Pack 1

   Microsoft Visual Studio .NET 2003 Service Pack 1

   Microsoft Visual FoxPro 8.0 Service Pack 1

   Microsoft Visual FoxPro 9.0 Service Pack 1

   Microsoft Visual FoxPro 9.0 Service Pack 2

   Microsoft Office Software	 	 	

   Microsoft Office FrontPage 2002 Service Pack 3*

   Microsoft Office Project 2003 Service Pack 3

   Microsoft Office Project 2007

   Microsoft Office Project 2007 Service Pack 1

   * This update only applies to FrontPage 2002 Service Pack 3 versions in
   Chinese Simplified (China), Chinese Pan (Hong Kong), Chinese Traditional
   (Taiwan), and Korean.

Vulnerability Information

DataGrid Control Memory Corruption Vulnerability - CVE-2008-4252

   A remote code execution vulnerability exists in the DataGrid ActiveX
   Control for Visual Basic 6. An attacker could exploit the vulnerability
   by constructing a specially crafted Web page. When a user views the Web
   page, the vulnerability could allow remote code execution. An attacker
   who successfully exploited this vulnerability could gain the same user
   rights as the logged-on user.
	
FlexGrid Control Memory Corruption Vulnerability - CVE-2008-4253

   A remote code execution vulnerability exists in the FlexGrid ActiveX
   Control for Visual Basic 6. An attacker could exploit the vulnerability
   by constructing a specially crafted Web page. When a user views the Web
   page, the vulnerability could allow remote code execution. An attacker
   who successfully exploited this vulnerability could gain the same user
   rights as the logged-on user.

Hierarchical FlexGrid Control Memory Corruption Vulnerability - CVE-2008-4254

   A remote code execution vulnerability exists in the Hierarchical FlexGrid
   ActiveX Control for Visual Basic 6. An attacker could exploit the
   vulnerability by constructing a specially crafted Web page. When a user
   views the Web page, the vulnerability could allow remote code execution.
   An attacker who successfully exploited this vulnerability could gain the
   same user rights as the logged-on user.

Windows Common AVI Parsing Overflow Vulnerability - CVE-2008-4255

   A remote code execution vulnerability exists in the Windows Common ActiveX
   Control for Visual Basic 6. An attacker could exploit the vulnerability by
   constructing a specially crafted Web page. When a user views the Web page,
   the vulnerability could allow remote code execution. An attacker who
   successfully exploited this vulnerability could gain the same user rights
   as the logged-on user.
	
Charts Control Memory Corruption Vulnerability - CVE-2008-4256

   A remote code execution vulnerability exists in the Charts ActiveX Control
   for Visual Basic 6. An attacker could exploit the vulnerability by
   constructing a specially crafted Web page. When a user views the Web page,
   the vulnerability could allow remote code execution. An attacker who
   successfully exploited this vulnerability could gain the same user rights
   as the logged-on user.

Masked Edit Control Memory Corruption Vulnerability - CVE-2008-3704

   A remote code execution vulnerability exists in the Masked Edit ActiveX
   Control for Visual Basic 6. An attacker could exploit the vulnerability by
   constructing a specially crafted Web page. When a user views the Web page,
   the vulnerability could allow remote code execution. An attacker who
   successfully exploited this vulnerability could gain the same user rights
   as the logged-on user.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================