Home / bulletins MS08-070 - Critical: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) - Version:1.2
Posted on 12 February 2009
There is an newer version: MS08-070 - Version: 1.2
CriticalSeverity Rating: Critical - Revision Note: V1.2 (February 11, 2009): Clarified the class IDs for two ActiveX controls. First, listed a second class ID in the workaround, "Prevent Windows Common AVI ActiveX Control from running in Internet Explorer," for CVE-2008-4255. Second, listed in the section, Frequently asked questions (FAQ) related to this security update, the class ID for the Winsock Control for which the kill bit is being set as a security-related change to functionality in this update. This is an informational change only. There were no changes to the security update files in this bulletin.Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other versions
- MS08-070 - Version: 1.0
- MS08-070 - Version: 1.1
- MS08-070 - Version: 1.2
- MS08-070 - Version: 1.2
