CVE-2008-4255

Microsoft Office Frontpage - Memory Corruption

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4255. PoCs published by Jerome Athias.

AI-analyzed exploit summary This exploit generates a malicious .AVI file and an HTML file to trigger a buffer overflow in the Microsoft Visual Basic ActiveX Controls mscomct2.ocx Animation Object (CVE-2008-4255). The PoC serves the file via an UNC path to exploit the vulnerability.

Description

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jerome Athias · perldoswindows

https://www.exploit-db.com/exploits/7431

View Code ZIP pw:eip

This exploit generates a malicious .AVI file and an HTML file to trigger a buffer overflow in the Microsoft Visual Basic ActiveX Controls mscomct2.ocx Animation Object (CVE-2008-4255). The PoC serves the file via an UNC path to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Visual Basic ActiveX Controls mscomct2.ocx

No auth needed

Prerequisites: Debugging Tools for Windows · UNC path to serve the malicious .AVI file

MITRE ATT&CK