Article ID: 932349 - Last Review: December 16, 2008 - Revision: 4.0

MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) could allow remote code execution

INTRODUCTION

Microsoft has released security bulletin MS08-070. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:
http://support.microsoft.com/common/international.aspx?rdpath=4
North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:
http://support.microsoft.com/oas/default.aspx?&prid=7552
For enterprise customers, support for security updates is available through your usual support contacts.

MORE INFORMATION

Update removal information

For information about how to remove this update, refer to the individual Knowledge Base Articles that are listed in the "Additional information about this security update" section. The individual articles contain information about whether the updates may be uninstalled by using the Add or Remove Programs item in Control Panel.

Known issues with this security update

You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, you may experience either of the following problems:
  • You may receive an error message that resembles the following when you try to run a macro:
    Object library invalid or contains references to object definitions that could not be found.
    When this problem occurs, the macro does not run.
  • You may receive an error message that resembles the following when you try to add one of the updated controls to an Office Visual Basic for Applications form:
    Element not found.
    When this problem occurs, the control is not added to the form.
Solutions that do not use the control in VBA are not affected by this problem. Compiled Visual Basic 6.0 solutions are not affected. Web-based solutions are not affected. .NET solutions are not affected. Only VBA-based solutions that create an instance of the control directly through Office are affected.

To resolve this issue, install the cumulative update rollup for the Visual Basic 6.0 Service Pack 6 Runtime Extended Files update. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
957924 (http://support.microsoft.com/kb/957924/) Description of the cumulative update rollup for the Visual Basic 6.0 Service Pack 6 Runtime Extended Files
If you are using Office Visual Basic for Applications, you may also need to delete the cached versions of the control type libraries. To do this, search your hard drive for ".exd," and delete all the .exd files. The .exd files will be re-created automatically using the new controls the next time that you use VBA.
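
The .exd cleanup step above, as an added PowerShell example (not part of the original article). The search root and the list of Office host process names are assumptions; the function supports -WhatIf so that the files can be listed before anything is deleted.

```powershell
# Added example: delete cached VBA control type libraries (.exd) so that
# VBA re-creates them from the updated controls on next use.
function Remove-ExdCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: search the whole system drive, as the article suggests.
        [string[]]$Root = @("${env:SystemDrive}\")
    )

    # Assumption: these Office hosts may have the cache files open,
    # so stop here if any of them is still running.
    $officeHosts = 'WINWORD', 'EXCEL', 'POWERPNT', 'MSACCESS', 'OUTLOOK', 'WINPROJ'
    $running = Get-Process -Name $officeHosts -ErrorAction SilentlyContinue
    if ($running) {
        $names = ($running | Select-Object -ExpandProperty Name | Sort-Object -Unique) -join ', '
        Write-Warning "Close these applications first: $names"
        return
    }

    foreach ($r in $Root) {
        # -Force includes hidden folders such as AppData; unreadable folders are skipped.
        Get-ChildItem -LiteralPath $r -Filter '*.exd' -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete cached control type library')) {
                    Remove-Item -LiteralPath $_.FullName -Force
                    # Emit a record of what was removed.
                    $_ | Select-Object FullName, Length, LastWriteTime
                }
            }
    }
}

# Dry run: reports each .exd file that would be deleted without removing it.
Remove-ExdCache -WhatIf
```

Run `Remove-ExdCache` without `-WhatIf` once the dry-run list looks right.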

Additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:
  • 958369 (http://support.microsoft.com/kb/958369/) MS08-070: Description of the security update for Microsoft Visual FoxPro 8.0 Service Pack 1: December 9, 2008
  • 958370 (http://support.microsoft.com/kb/958370/) MS08-070: Description of the security update for Microsoft Visual FoxPro 9.0 Service Pack 1: December 9, 2008
  • 958371 (http://support.microsoft.com/kb/958371/) MS08-070: Description of the security update for Microsoft Visual FoxPro 9.0 Service Pack 2: December 9, 2008
  • 958392 (http://support.microsoft.com/kb/958392/) MS08-070: Description of the security update for the Microsoft Visual Studio .NET 2002 Service Pack 1 development platform: December 9, 2008
  • 958393 (http://support.microsoft.com/kb/958393/) MS08-070: Description of the security update for Microsoft Visual Studio .NET 2003 Service Pack 1 development platform: December 9, 2008
  • 926857 (http://support.microsoft.com/kb/926857/) MS08-070: Description of the security update for Microsoft Visual Basic 6.0 Service Pack 6 Runtime Extended Files: December 9, 2008
  • 957797 (http://support.microsoft.com/kb/957797/) MS08-070: Description of the security update for Office XP: December 9, 2008
  • 949045 (http://support.microsoft.com/kb/949045/) MS08-070: Description of the security update for Project 2003: December 9, 2008
  • 949046 (http://support.microsoft.com/kb/949046/) MS08-070: Description of the security update for Project 2007: December 9, 2008

FILE INFORMATION

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Microsoft Visual FoxPro 8.0 Service Pack 1

| File Name | Version | Date | Time | Size |
|---|---|---|---|---|
| Comct232.msm | | 20-Oct-2008 | 22:45 | 107,008 |
| Comct232.ocx | 6.0.98.12 | 11-Oct-2008 | 03:36 | 170,584 |
| Mschrt20.msm | | 20-Oct-2008 | 22:45 | 495,104 |
| Mschrt20.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 1,030,984 |
| Mscomct2.msm | | 20-Oct-2008 | 22:45 | 376,320 |
| Mscomct2.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 656,200 |
| Msflxgrd.msm | | 20-Oct-2008 | 22:46 | 129,024 |
| Msflxgrd.ocx | 6.1.98.11 | 11-Oct-2008 | 03:36 | 259,912 |
| Mshflxgd.msm | | 20-Oct-2008 | 22:46 | 220,160 |
| Mshflxgd.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 444,504 |
| Msmask32.msm | | 20-Oct-2008 | 22:46 | 99,840 |
| Msmask32.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 179,528 |
| Mswinsck.msm | | 20-Oct-2008 | 22:47 | 76,288 |
| Mswinsck.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 128,840 |

Microsoft Visual FoxPro 9.0 Service Pack 1

| File Name | Version | Date | Time | Size |
|---|---|---|---|---|
| Comct232.msm | | 20-Oct-2008 | 22:45 | 107,008 |
| Comct232.ocx | 6.0.98.12 | 11-Oct-2008 | 03:36 | 170,584 |
| Mschrt20.msm | | 20-Oct-2008 | 22:45 | 495,104 |
| Mschrt20.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 1,030,984 |
| Mscomct2.msm | | 20-Oct-2008 | 22:45 | 376,320 |
| Mscomct2.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 656,200 |
| Msflxgrd.msm | | 20-Oct-2008 | 22:46 | 129,024 |
| Msflxgrd.ocx | 6.1.98.11 | 11-Oct-2008 | 03:36 | 259,912 |
| Mshflxgd.msm | | 20-Oct-2008 | 22:46 | 220,160 |
| Mshflxgd.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 444,504 |
| Msmask32.msm | | 20-Oct-2008 | 22:46 | 99,840 |
| Msmask32.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 179,528 |
| Mswinsck.msm | | 20-Oct-2008 | 22:47 | 76,288 |
| Mswinsck.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 128,840 |

Microsoft Visual FoxPro 9.0 Service Pack 2

| File Name | Version | Date | Time | Size |
|---|---|---|---|---|
| Comct232.msm | | 14-Oct-2008 | 21:49 | 100,352 |
| Comct232.ocx | 6.0.98.12 | 11-Oct-2008 | 03:36 | 170,584 |
| Mschrt20.msm | | 14-Oct-2008 | 21:49 | 495,104 |
| Mschrt20.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 1,030,984 |
| Mscomct2.msm | | 14-Oct-2008 | 21:49 | 376,320 |
| Mscomct2.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 656,200 |
| Msflxgrd.msm | | 14-Oct-2008 | 21:49 | 129,024 |
| Msflxgrd.ocx | 6.1.98.11 | 11-Oct-2008 | 03:36 | 259,912 |
| Mshflxgd.msm | | 14-Oct-2008 | 21:49 | 220,160 |
| Mshflxgd.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 444,504 |
| Msmask32.msm | | 14-Oct-2008 | 21:49 | 99,840 |
| Msmask32.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 179,528 |
| Mswinsck.msm | | 14-Oct-2008 | 21:50 | 71,680 |
| Mswinsck.ocx | 6.1.98.12 | 11-Oct-2008 | 03:36 | 128,840 |
| Tlbinf32.msm | | 16-Oct-2008 | 04:45 | 142,336 |

Microsoft Visual Studio .NET 2002 Service Pack 1 development platform

| File Name | Version | Date | Time | Size |
|---|---|---|---|---|
| Mschrt20.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 1,030,984 |
| Mscomct2.ocx | 1.0.0.1 | 15-Nov-2001 | 22:13 | 126,464 |
| Msmask32.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 179,528 |
| Msmask32_x86.msm | | 15-Oct-2008 | 05:37 | 127,488 |
| Msmask32_x86_chs.msm | | 16-Oct-2008 | 12:19 | 45,568 |
| Msmask32_x86_cht.msm | | 16-Oct-2008 | 12:19 | 46,080 |
| Msmask32_x86_deu.msm | | 15-Oct-2008 | 05:37 | 46,592 |
| Msmask32_x86_enu.msm | | 14-Oct-2008 | 22:33 | 33,280 |
| Msmask32_x86_esn.msm | | 16-Oct-2008 | 15:38 | 46,080 |
| Msmask32_x86_fra.msm | | 16-Oct-2008 | 15:38 | 46,080 |
| Msmask32_x86_ita.msm | | 16-Oct-2008 | 15:38 | 46,080 |
| Msmask32_x86_jpn.msm | | 15-Oct-2008 | 05:37 | 46,080 |
| Msmask32_x86_kor.msm | | 16-Oct-2008 | 12:19 | 46,080 |
| Vb_control_mschart_rtl_x86_---.msm | | 15-Oct-2008 | 05:37 | 463,872 |
| Vb_control_mschart_rtl_x86_chs.msm | | 16-Oct-2008 | 12:19 | 56,320 |
| Vb_control_mschart_rtl_x86_cht.msm | | 16-Oct-2008 | 12:19 | 56,832 |
| Vb_control_mschart_rtl_x86_deu.msm | | 15-Oct-2008 | 05:37 | 60,416 |
| Vb_control_mschart_rtl_x86_enu.msm | | 14-Oct-2008 | 22:33 | 33,280 |
| Vb_control_mschart_rtl_x86_esn.msm | | 16-Oct-2008 | 15:38 | 59,392 |
| Vb_control_mschart_rtl_x86_fra.msm | | 16-Oct-2008 | 15:38 | 59,392 |
| Vb_control_mschart_rtl_x86_ita.msm | | 16-Oct-2008 | 15:38 | 59,392 |
| Vb_control_mschart_rtl_x86_jpn.msm | | 15-Oct-2008 | 05:37 | 57,856 |
| Vb_control_mschart_rtl_x86_kor.msm | | 16-Oct-2008 | 12:19 | 57,344 |

Microsoft Visual Studio .NET 2003 Service Pack 1 development platform

| File Name | Version | Date | Time | Size |
|---|---|---|---|---|
| Mschrt20.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 1,030,984 |
| Msmask32.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 179,528 |
| Msmask32_x86.msm | | 21-Oct-2008 | 20:29 | 127,488 |
| Msmask32_x86_chs.msm | | 24-Oct-2008 | 23:29 | 46,080 |
| Msmask32_x86_cht.msm | | 24-Oct-2008 | 23:29 | 46,592 |
| Msmask32_x86_deu.msm | | 23-Oct-2008 | 00:23 | 47,104 |
| Msmask32_x86_enu.msm | | 21-Oct-2008 | 20:29 | 33,280 |
| Msmask32_x86_esn.msm | | 23-Oct-2008 | 00:23 | 46,592 |
| Msmask32_x86_fra.msm | | 23-Oct-2008 | 00:23 | 46,592 |
| Msmask32_x86_ita.msm | | 23-Oct-2008 | 00:23 | 46,592 |
| Msmask32_x86_jpn.msm | | 21-Oct-2008 | 20:29 | 46,592 |
| Msmask32_x86_kor.msm | | 24-Oct-2008 | 23:29 | 46,592 |
| Vb_control_mschart_rtl_x86_---.msm | | 21-Oct-2008 | 20:29 | 465,408 |
| Vb_control_mschart_rtl_x86_chs.msm | | 24-Oct-2008 | 23:29 | 56,832 |
| Vb_control_mschart_rtl_x86_cht.msm | | 24-Oct-2008 | 23:29 | 57,344 |
| Vb_control_mschart_rtl_x86_deu.msm | | 23-Oct-2008 | 00:23 | 60,928 |
| Vb_control_mschart_rtl_x86_enu.msm | | 21-Oct-2008 | 20:29 | 33,280 |
| Vb_control_mschart_rtl_x86_esn.msm | | 23-Oct-2008 | 00:23 | 59,904 |
| Vb_control_mschart_rtl_x86_fra.msm | | 23-Oct-2008 | 00:23 | 59,904 |
| Vb_control_mschart_rtl_x86_ita.msm | | 23-Oct-2008 | 00:23 | 59,904 |
| Vb_control_mschart_rtl_x86_jpn.msm | | 21-Oct-2008 | 20:29 | 58,368 |
| Vb_control_mschart_rtl_x86_kor.msm | | 24-Oct-2008 | 23:29 | 57,856 |

Microsoft Visual Basic 6.0 Service Pack 6 Runtime Extended Files

| File Name | Version | Date | Time | Size |
|---|---|---|---|---|
| Comct232.cab | | 10-Oct-2008 | 20:41 | 87,859 |
| Comct232.dep | | 10-Oct-2008 | 18:51 | 2,495 |
| Comct232.ocx | 6.0.98.12 | 10-Oct-2008 | 20:36 | 170,584 |
| Mschrt20.cab | | 10-Oct-2008 | 20:42 | 453,997 |
| Mschrt20.dep | | 10-Oct-2008 | 18:59 | 2,494 |
| Mschrt20.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 1,030,984 |
| Mscomct2.cab | | 10-Oct-2008 | 20:42 | 336,516 |
| Mscomct2.dep | | 10-Oct-2008 | 18:54 | 2,494 |
| Mscomct2.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 656,200 |
| Msdatgrd.cab | | 10-Oct-2008 | 20:42 | 134,545 |
| Msdatgrd.dep | | 10-Oct-2008 | 18:59 | 2,514 |
| Msdatgrd.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 279,368 |
| Msflxgrd.cab | | 10-Oct-2008 | 20:42 | 113,567 |
| Msflxgrd.dep | | 09-Oct-2008 | 23:45 | 2,494 |
| Msflxgrd.ocx | 6.1.98.11 | 10-Oct-2008 | 20:36 | 259,912 |
| Mshflxgd.cab | | 10-Oct-2008 | 20:42 | 209,282 |
| Mshflxgd.dep | | 10-Oct-2008 | 19:06 | 2,524 |
| Mshflxgd.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 444,504 |
| Msmask32.cab | | 10-Oct-2008 | 20:41 | 91,429 |
| Msmask32.dep | | 10-Oct-2008 | 18:55 | 2,494 |
| Msmask32.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 179,528 |
| Mswinsck.cab | | 10-Oct-2008 | 20:41 | 65,565 |
| Mswinsck.dep | | 10-Oct-2008 | 18:57 | 2,463 |
| Mswinsck.ocx | 6.1.98.12 | 10-Oct-2008 | 20:36 | 128,840 |
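
One way to check a computer against the "or later file attributes" rule for the Visual Basic 6.0 Service Pack 6 Runtime Extended Files table above, as an added PowerShell example (not part of the original article). The directories searched are an assumption, and the other product tables list different versions and need their own minimums.

```powershell
# Added example: minimum .ocx versions copied from the Visual Basic 6.0 SP6
# Runtime Extended Files table in this article.
$minimum = @{
    'Comct232.ocx' = '6.0.98.12'
    'Mschrt20.ocx' = '6.1.98.12'
    'Mscomct2.ocx' = '6.1.98.12'
    'Msdatgrd.ocx' = '6.1.98.12'
    'Msflxgrd.ocx' = '6.1.98.11'
    'Mshflxgd.ocx' = '6.1.98.12'
    'Msmask32.ocx' = '6.1.98.12'
    'Mswinsck.ocx' = '6.1.98.12'
}

function Test-OcxVersion {
    param(
        # Assumption: the controls live in the system directories. Pass other
        # folders here to check private copies shipped beside an application.
        [string[]]$Directory = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    )
    foreach ($dir in $Directory) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($name in ($minimum.Keys | Sort-Object)) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path)) { continue }  # control not present here
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            # Compare on the numeric version parts; the FileVersion string is
            # free-form text and may not match the four-part form in the table.
            $found = New-Object System.Version -ArgumentList @(
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            $need = [version]$minimum[$name]
            [pscustomobject]@{
                Path         = $path
                Installed    = $found
                Required     = $need
                MeetsMinimum = ($found -ge $need)   # "or later" counts as updated
            }
        }
    }
}

# Files below the minimum sort first.
Test-OcxVersion | Sort-Object MeetsMinimum, Path | Format-Table -AutoSize
```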

Microsoft Office XP

| File name | File version | File size | Date | Time |
|---|---|---|---|---|
| Msflxgrd.ocx | 6.1.98.6 | 262,144 | 30-Sep-2008 | 17:11 |

Microsoft Office Project 2003

| File name | File version | File size | Date | Time |
|---|---|---|---|---|
| Mscomct2.ocx | 6.1.98.11 | 658,432 | 11-Jun-2008 | 23:02 |
| Msflxgrd.ocx | 6.1.98.6 | 262,144 | 11-Jun-2008 | 23:02 |

Microsoft Office Project 2007

| File name | File version | File size | Date | Time |
|---|---|---|---|---|
| Mscomct2.ocx | 6.1.98.11 | 658,432 | 18-Sep-2008 | 05:17 |

APPLIES TO
  • Microsoft Visual Basic 6.0 Enterprise Edition
  • Microsoft Visual Basic 6.0 Standard Edition
  • Microsoft Visual Basic 6.0 Professional Edition
  • Microsoft Visual Studio .NET 2003 Service Pack 1, when used with:
    • Microsoft Visual Studio .NET 2003 Academic Edition
    • Microsoft Visual Studio .NET 2003 Enterprise Architect
    • Microsoft Visual Studio .NET 2003 Enterprise Developer
    • Microsoft Visual Basic .NET 2003 Standard Edition
    • Microsoft Visual C++ .NET 2003 Standard Edition
    • Microsoft Visual C# .NET 2003 Standard Edition
    • Microsoft Visual J# .NET 2003 Standard Edition
  • Microsoft Visual Studio .NET 2002 Service Pack 1, when used with:
    • Microsoft Visual Studio .NET 2002 Academic Edition
    • Microsoft Visual Studio .NET 2002 Enterprise Architect
    • Microsoft Visual Studio .NET 2002 Enterprise Developer
    • Microsoft Visual Basic .NET 2002 Standard Edition
    • Microsoft Visual C++ .NET 2002 Standard Edition
    • Microsoft Visual C# .NET 2002 Standard Edition
  • Microsoft Visual FoxPro 8.0 Service Pack 1
  • Microsoft Visual FoxPro 9.0 Service Pack 1
  • Microsoft Visual FoxPro 9.0 Service Pack 2
  • Microsoft FrontPage 2002 Service Pack 3 (SP3)
  • Microsoft Office Project 2003 Service Pack 3
  • Microsoft Office Project Professional 2007
  • Microsoft Office Project Standard 2007
  • Microsoft Office Project 2007 Service Pack 1
Keywords: 
kbexpertiseadvanced kbpubtypekc kbfix kbbug kbsecvulnerability kbsecbulletin kbsecurity kbqfe kbsurveynew KB932349