1. CVE-Search
  2. CVE-2009-0901
ID CVE-2009-0901
Summary The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." Please refer to this link http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx for mitigating factors and additional information.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_c\+\+:2008:redistribution_pkg:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_c\+\+:2008:redistribution_pkg:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\+\+_tools:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\+\+_tools:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:50)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Code Injection
    An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
  • bulletin_id MS09-060
    bulletin_url
    date 2009-10-13T00:00:00
    impact Remote Code Execution
    knowledgebase_id 973965
    knowledgebase_url
    severity Critical
    title Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution
  • bulletin_id MS09-037
    bulletin_url
    date 2009-08-11T00:00:00
    impact Remote Code Execution
    knowledgebase_id 973908
    knowledgebase_url
    severity Critical
    title Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
  • bulletin_id MS09-035
    bulletin_url
    date 2009-07-28T00:00:00
    impact Remote Code Execution
    knowledgebase_id 969706
    knowledgebase_url
    severity Moderate
    title Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
oval via4
  • accepted 2009-09-28T04:00:20.671-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Rachana Shetty
      organization SecPod Technologies
    • name Josh Turpin
      organization Symantec Corporation
    • name Chandan S
      organization SecPod Technologies
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Outlook Express 5.5 SP2 is installed.
      oval oval:org.mitre.oval:def:504
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Outlook Express 6 SP1 is installed.
      oval oval:org.mitre.oval:def:488
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6289
    status deprecated
    submitted 2009-08-11T13:00:00
    title ATL Uninitialized Object Vulnerability
    version 81
  • accepted 2009-09-14T04:00:10.848-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Visual Studio .NET 2003 SP1 is installed
      oval oval:org.mitre.oval:def:168
    • comment Microsoft Visual Studio 2005 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6401
    • comment Microsoft Visual Studio 2008 is installed
      oval oval:org.mitre.oval:def:5401
    • comment Microsoft Visual Studio 2008 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6205
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6311
    status deprecated
    submitted 2009-07-28T13:00:00
    title ATL Uninitialized Object Vulnerability
    version 79
  • accepted 2009-11-30T04:00:36.150-05:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Outlook 2002 is installed
      oval oval:org.mitre.oval:def:5179
    • comment Microsoft Outlook 2003 is installed
      oval oval:org.mitre.oval:def:5505
    • comment Microsoft Outlook 2007 is installed
      oval oval:org.mitre.oval:def:5352
    • comment Microsoft Visio Viewer 2002 is installed
      oval oval:org.mitre.oval:def:6500
    • comment Microsoft Office Visio Viewer 2003 is installed
      oval oval:org.mitre.oval:def:6420
    • comment Microsoft Office Visio Viewer 2007 is installed
      oval oval:org.mitre.oval:def:6128
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6373
    status deprecated
    submitted 2009-10-13T13:00:00
    title ATL Uninitialized Object Vulnerability
    version 6
  • accepted 2015-08-10T04:01:10.426-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Rachana Shetty
      organization SecPod Technologies
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    • name Chandan S
      organization SecPod Technologies
    • name Dragos Prisaca
      organization G2, Inc.
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Outlook 2002 is installed
      oval oval:org.mitre.oval:def:5179
    • comment Microsoft Outlook 2003 is installed
      oval oval:org.mitre.oval:def:5505
    • comment Microsoft Outlook 2007 SP1 is installed
      oval oval:org.mitre.oval:def:18961
    • comment Microsoft Outlook 2007 SP2 is installed
      oval oval:org.mitre.oval:def:18844
    • comment Microsoft Visio Viewer 2002 is installed
      oval oval:org.mitre.oval:def:6500
    • comment Microsoft Office Visio Viewer 2003 is installed
      oval oval:org.mitre.oval:def:6420
    • comment Microsoft Office Visio Viewer 2007 is installed
      oval oval:org.mitre.oval:def:6128
    • comment Microsoft Visual Studio .NET 2003 SP1 is installed
      oval oval:org.mitre.oval:def:168
    • comment Microsoft Visual Studio 2005 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6401
    • comment Microsoft Visual Studio 2008 is installed
      oval oval:org.mitre.oval:def:5401
    • comment Microsoft Visual Studio 2008 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6205
    • comment Microsoft Visual C++ 2005 Redistributable Package is installed
      oval oval:org.mitre.oval:def:29007
    • comment Microsoft Visual C++ 2008 Redistributable Package is installed
      oval oval:org.mitre.oval:def:28587
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Outlook Express 5.5 SP2 is installed.
      oval oval:org.mitre.oval:def:504
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Outlook Express 6 SP1 is installed.
      oval oval:org.mitre.oval:def:488
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
    family windows
    id oval:org.mitre.oval:def:7581
    status accepted
    submitted 2009-12-26T17:00:00.000-05:00
    title ATL Uninitialized Object Vulnerability
    version 113
refmap via4
bid 35832
cert
  • TA09-195A
  • TA09-223A
  • TA09-286A
confirm
hp
  • HPSBMA02488
  • SSRT100013
misc http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
secunia
  • 35967
  • 36187
  • 36374
  • 36746
sunalert 266108
vupen
  • ADV-2009-2034
  • ADV-2009-2232
saint via4
bid 35832
description Visual Studio Active Template Library uninitialized object
id misc_vstudioatl
osvdb 56696
title visual_studio_atl_uninitialized_object
type client
Last major update 12-10-2018 - 21:50
Published 29-07-2009 - 17:30
Last modified 12-10-2018 - 21:50
Back to Top