Public exploits available
On this page
A remote code execution vulnerability exists in the Hierarchical FlexGrid ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Technical details (analysis)
When the FlexGrid ActiveX control is used in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code. An attacker could exploit the vulnerability by hosting a specially crafted Web site that is designed to invoke the ActiveX control through Internet Explorer.
Microsoft Visual Basic 6.0 Runtime Extended Files
Microsoft Visual Studio .NET 2002 Service Pack 1
Microsoft Visual Studio .NET 2003 Service Pack 1
Microsoft Visual FoxPro 8.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 2
Microsoft Office FrontPage 2002 Service Pack 3
Microsoft Office Project 2003 Service Pack 3
Microsoft Office Project 2007
Microsoft Office Project 2007 Service Pack 1
Microsoft Visual Studio 2005 Service Pack 1
Microsoft Visual Studio 2008
Microsoft Visual Studio 2008 Service Pack 1
Microsoft Office FrontPage 2000 Service Pack 3
Microsoft Office FrontPage 2003 Service Pack 3
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Project 2000 Service Release 1
Microsoft Project 2002 Service Pack 1
Microsoft Office Project Server 2003 Service Pack 3
Microsoft Office Project Portfolio Server 2007
Microsoft Office Project Portfolio Server 2007 Service Pack 1
Microsoft Office Project Server 2007
Microsoft Office Project Server 2007 Service Pack 1
Release Date: 2009-08-07T00:00:00
Known false positives
No known false positives at this time.
No known work-arounds at this time.