ID CVE-2009-0901
Summary The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:visual_c%2b%2b:2005:sp1_redistribution_pkg
    cpe:2.3:a:microsoft:visual_c%2b%2b:2005:sp1_redistribution_pkg
  • cpe:2.3:a:microsoft:visual_c%2b%2b:2008:redistribution_pkg
    cpe:2.3:a:microsoft:visual_c%2b%2b:2008:redistribution_pkg
  • cpe:2.3:a:microsoft:visual_c%2b%2b:2008:sp1_redistribution_pkg
    cpe:2.3:a:microsoft:visual_c%2b%2b:2008:sp1_redistribution_pkg
  • cpe:2.3:a:microsoft:visual_studio:2005:sp1
    cpe:2.3:a:microsoft:visual_studio:2005:sp1
  • cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c%2b%2b_tools
    cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c%2b%2b_tools
  • cpe:2.3:a:microsoft:visual_studio:2008
    cpe:2.3:a:microsoft:visual_studio:2008
  • Microsoft Visual Studio 2008 Service Pack 1
    cpe:2.3:a:microsoft:visual_studio:2008:sp1
  • Microsoft Visual Studio .NET 2003 SP1
    cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1
CVSS
Base: 9.3 (as of 02-09-2016 - 17:07)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
  • bulletin_id MS09-035
    bulletin_url
    date 2009-07-28T00:00:00
    impact Remote Code Execution
    knowledgebase_id 969706
    knowledgebase_url
    severity Moderate
    title Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
  • bulletin_id MS09-037
    bulletin_url
    date 2009-08-11T00:00:00
    impact Remote Code Execution
    knowledgebase_id 973908
    knowledgebase_url
    severity Critical
    title Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
  • bulletin_id MS09-060
    bulletin_url
    date 2009-10-13T00:00:00
    impact Remote Code Execution
    knowledgebase_id 973965
    knowledgebase_url
    severity Critical
    title Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution
nessus via4
  • NASL family Windows
    NASL id SHOCKWAVE_PLAYER_APSB09_11.NASL
    description The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.0.601. Such versions were compiled against a version of Microsoft's Active Template Library (ATL) that contained a vulnerability. If an attacker can trick a user of the affected software into opening such a file, this issue could be leveraged to execute arbitrary code with the privileges of that user.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40421
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40421
    title Shockwave Player < 11.5.0.601 Multiple Vulnerabilities (APSB09-11)
  • NASL family Windows
    NASL id WIN_SERVER_2008_NTLM_PCI.NASL
    description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108811
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108811
    title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-060.NASL
    description One or more ActiveX controls included in Microsoft Outlook or Visio and installed on the remote Windows host was compiled with a version of Microsoft Active Template Library (ATL) that is affected by potentially several vulnerabilities : - An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - Unsafe usage of 'OleLoadFromStream' could allow instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - An attacker who is able to run a malicious component or control built using Visual Studio ATL can, by manipulating a string with no terminating NULL byte, read extra data beyond the end of the string and thus disclose information in memory. (CVE-2009-2495)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42116
    published 2009-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42116
    title MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB09_10.NASL
    description The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly affected by multiple vulnerabilities : - A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-1862) - A vulnerability in the Microsoft Active Template Library (ATL) which could allow an attacker who successfully exploits the vulnerability to take control of the affected system. (CVE-2009-0901, CVE-2009-2395, CVE-2009-2493) - A privilege escalation vulnerability that could potentially lead to code execution. (CVE-2009-1863) - A heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1864) - A NULL pointer vulnerability that could potentially lead to code execution. (CVE-2009-1865) - A stack overflow vulnerability that could potentially lead to code execution. (CVE-2009-1866) - A clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2009-1867 - A URL parsing heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1868) - An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-1869) - A local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive. CVE-2009-1870)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 40434
    published 2009-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40434
    title Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-037.NASL
    description The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function 'CComVariant::ReadFromStream' used in the ATL header, which fails to properly restrict untrusted data read from a stream. (CVE-2008-0015) - A remote code execution issue exists in the Microsoft Active Template Library due to an error in the 'Load' method of the 'IPersistStreamInit' interface, which could allow calls to 'memcpy' with untrusted data. (CVE-2008-0020) - An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - Unsafe usage of 'OleLoadFromStream' could allow instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - A bug in the ATL header could allow reading a variant from a stream and leaving the variant type read with an invalid variant, which could be leveraged by an attacker to execute arbitrary code remotely. (CVE-2009-2494)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40556
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40556
    title MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-6387.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870).
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 42001
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42001
    title openSUSE 10 Security Update : flash-player (flash-player-6387)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FLASH-PLAYER-090731.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40488
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40488
    title openSUSE Security Update : flash-player (flash-player-1148)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-6386.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51731
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51731
    title SuSE 10 Security Update : flash-player (ZYPP Patch Number 6386)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-035.NASL
    description The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - On systems with components and controls installed that were built using Visual Studio ATL, unsafe usage of OleLoadFromStream could allow instantiation of arbitrary objects that can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow a string to be read without a terminating NULL character, which could lead to disclosure of information in memory. (CVE-2009-2495)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40435
    published 2009-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40435
    title MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FLASH-PLAYER-090731.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40489
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40489
    title openSUSE Security Update : flash-player (flash-player-1148)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FLASH-PLAYER-090731.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41392
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41392
    title SuSE 11 Security Update : flash-player (SAT Patch Number 1149)
oval via4
  • accepted 2009-09-28T04:00:20.671-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Rachana Shetty
      organization SecPod Technologies
    • name Josh Turpin
      organization Symantec Corporation
    • name Chandan S
      organization SecPod Technologies
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Outlook Express 5.5 SP2 is installed.
      oval oval:org.mitre.oval:def:504
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Outlook Express 6 SP1 is installed.
      oval oval:org.mitre.oval:def:488
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6289
    status deprecated
    submitted 2009-08-11T13:00:00
    title ATL Uninitialized Object Vulnerability
    version 75
  • accepted 2009-09-14T04:00:10.848-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Visual Studio .NET 2003 SP1 is installed
      oval oval:org.mitre.oval:def:168
    • comment Microsoft Visual Studio 2005 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6401
    • comment Microsoft Visual Studio 2008 is installed
      oval oval:org.mitre.oval:def:5401
    • comment Microsoft Visual Studio 2008 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6205
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6311
    status deprecated
    submitted 2009-07-28T13:00:00
    title ATL Uninitialized Object Vulnerability
    version 78
  • accepted 2009-11-30T04:00:36.150-05:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Outlook 2002 is installed
      oval oval:org.mitre.oval:def:5179
    • comment Microsoft Outlook 2003 is installed
      oval oval:org.mitre.oval:def:5505
    • comment Microsoft Outlook 2007 is installed
      oval oval:org.mitre.oval:def:5352
    • comment Microsoft Visio Viewer 2002 is installed
      oval oval:org.mitre.oval:def:6500
    • comment Microsoft Office Visio Viewer 2003 is installed
      oval oval:org.mitre.oval:def:6420
    • comment Microsoft Office Visio Viewer 2007 is installed
      oval oval:org.mitre.oval:def:6128
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6373
    status deprecated
    submitted 2009-10-13T13:00:00
    title ATL Uninitialized Object Vulnerability
    version 6
  • accepted 2015-08-10T04:01:10.426-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Rachana Shetty
      organization SecPod Technologies
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    • name Chandan S
      organization SecPod Technologies
    • name Dragos Prisaca
      organization G2, Inc.
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Outlook 2002 is installed
      oval oval:org.mitre.oval:def:5179
    • comment Microsoft Outlook 2003 is installed
      oval oval:org.mitre.oval:def:5505
    • comment Microsoft Outlook 2007 SP1 is installed
      oval oval:org.mitre.oval:def:18961
    • comment Microsoft Outlook 2007 SP2 is installed
      oval oval:org.mitre.oval:def:18844
    • comment Microsoft Visio Viewer 2002 is installed
      oval oval:org.mitre.oval:def:6500
    • comment Microsoft Office Visio Viewer 2003 is installed
      oval oval:org.mitre.oval:def:6420
    • comment Microsoft Office Visio Viewer 2007 is installed
      oval oval:org.mitre.oval:def:6128
    • comment Microsoft Visual Studio .NET 2003 SP1 is installed
      oval oval:org.mitre.oval:def:168
    • comment Microsoft Visual Studio 2005 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6401
    • comment Microsoft Visual Studio 2008 is installed
      oval oval:org.mitre.oval:def:5401
    • comment Microsoft Visual Studio 2008 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6205
    • comment Microsoft Visual C++ 2005 Redistributable Package is installed
      oval oval:org.mitre.oval:def:29007
    • comment Microsoft Visual C++ 2008 Redistributable Package is installed
      oval oval:org.mitre.oval:def:28587
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Outlook Express 5.5 SP2 is installed.
      oval oval:org.mitre.oval:def:504
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Outlook Express 6 SP1 is installed.
      oval oval:org.mitre.oval:def:488
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7581
    status accepted
    submitted 2009-12-26T17:00:00.000-05:00
    title ATL Uninitialized Object Vulnerability
    version 107
refmap via4
bid 35832
cert
  • TA09-195A
  • TA09-223A
  • TA09-286A
confirm
hp
  • HPSBMA02488
  • SSRT100013
misc http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
ms
  • MS09-035
  • MS09-037
  • MS09-060
secunia
  • 35967
  • 36187
  • 36374
  • 36746
sunalert 266108
vupen
  • ADV-2009-2034
  • ADV-2009-2232
saint via4
bid 35832
description Visual Studio Active Template Library uninitialized object
id misc_vstudioatl
osvdb 56696
title visual_studio_atl_uninitialized_object
type client
Last major update 13-11-2014 - 21:59
Published 29-07-2009 - 13:30
Last modified 12-10-2018 - 17:50
Back to Top