CVE-2008-3704
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-3704
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft 多个产品中 Msmask32.ocx 栈溢出漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Msmask32.ocx 6.0.81.69及6.0.84.18版本以前其他版本中的MaskedEdit ActiveX控件(Microsoft Visual Studio 6.0/Visual Basic 6.0/Visual Studio .NET 2002 SP1&2003 SP1/Visual FoxPro 8.0 SP1&9.0 SP1及SP2中均有使用)存在堆缓冲区溢出漏洞。 由于没有进行边界检查,远程攻击者可以借助一个超长的Mask参数来执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-3704
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-3704
Please Login to view more intelligence information
- http://support.avaya.com/elmodocs2/security/ASA-2008-473.htmx_refsource_CONFIRM
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070vendor-advisoryx_refsource_MS
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2008-3704
Same Patch Batch · n/a · 2008-08-18 · 11 CVEs total
| CVE-2008-2233 | Openwsman client SSL会话重放漏洞 | |
| CVE-2008-2234 | Openwsma 多个 缓冲区溢出漏洞 | |
| CVE-2008-3270 | RedHat yum-rhn-plugin 拒绝服务漏洞 | |
| CVE-2008-3276 | Linux kernel 数字错误漏洞 | |
| CVE-2008-3324 | PartyGaming PartyPoker client 远程代码执行漏洞 | |
| CVE-2008-3533 | Yelp 格式化串 远程执行任意代码漏洞 | |
| CVE-2008-3703 | Volume Manager Scheduler Service安全漏洞 | |
| CVE-2003-1563 | Oracle Sun Cluster 安全漏洞 | |
| CVE-2008-2936 | Postfix 权限许可和访问控制问题漏洞 | |
| CVE-2008-2937 | Postfix 本地信息泄露漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2008-3704
No comments yet