ID CVE-2009-2493
Summary The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
References
Vulnerable Configurations
  • Microsoft Visual C++ 2005 Service Pack 1
    cpe:2.3:a:microsoft:visual_c%2b%2b:2005:sp1
  • cpe:2.3:a:microsoft:visual_c%2b%2b:2008
    cpe:2.3:a:microsoft:visual_c%2b%2b:2008
  • Microsoft Visual C++ 2008 Service Pack 1
    cpe:2.3:a:microsoft:visual_c%2b%2b:2008:sp1
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows 2003 Server Service Pack 2
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2
  • Microsoft Windows Server 2008 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  • Microsoft Windows Server 2008
    cpe:2.3:o:microsoft:windows_server_2008
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Visual Studio 2003 sp1
    cpe:2.3:a:microsoft:visual_studio:2003:sp1
  • cpe:2.3:a:microsoft:visual_studio:2005:sp1
    cpe:2.3:a:microsoft:visual_studio:2005:sp1
  • cpe:2.3:a:microsoft:visual_studio:2008
    cpe:2.3:a:microsoft:visual_studio:2008
  • Microsoft Visual Studio 2008 Service Pack 1
    cpe:2.3:a:microsoft:visual_studio:2008:sp1
CVSS
Base: 9.3 (as of 02-09-2016 - 17:16)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
  • bulletin_id MS09-035
    bulletin_url
    date 2009-07-28T00:00:00
    impact Remote Code Execution
    knowledgebase_id 969706
    knowledgebase_url
    severity Moderate
    title Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
  • bulletin_id MS09-072
    bulletin_url
    date 2009-12-08T00:00:00
    impact Remote Code Execution
    knowledgebase_id 976325
    knowledgebase_url
    severity Critical
    title Cumulative Security Update for Internet Explorer
  • bulletin_id MS09-055
    bulletin_url
    date 2009-10-13T00:00:00
    impact Remote Code Execution
    knowledgebase_id 973525
    knowledgebase_url
    severity Critical
    title Cumulative Security Update of ActiveX Kill Bits
  • bulletin_id MS09-037
    bulletin_url
    date 2009-08-11T00:00:00
    impact Remote Code Execution
    knowledgebase_id 973908
    knowledgebase_url
    severity Critical
    title Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
  • bulletin_id MS09-060
    bulletin_url
    date 2009-10-13T00:00:00
    impact Remote Code Execution
    knowledgebase_id 973965
    knowledgebase_url
    severity Critical
    title Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution
nessus via4
  • NASL family Windows
    NASL id OPENOFFICE_32.NASL
    description The version of Sun Microsystems OpenOffice.org installed on the remote host is prior to version 3.2. It is, therefore, affected by several issues : - Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339) - There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217) - The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493) - Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949) - Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2950) - Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44597
    published 2010-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44597
    title Sun OpenOffice.org < 3.2 Multiple Vulnerabilities
  • NASL family Windows
    NASL id SHOCKWAVE_PLAYER_APSB09_11.NASL
    description The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.0.601. Such versions were compiled against a version of Microsoft's Active Template Library (ATL) that contained a vulnerability. If an attacker can trick a user of the affected software into opening such a file, this issue could be leveraged to execute arbitrary code with the privileges of that user.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40421
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40421
    title Shockwave Player < 11.5.0.601 Multiple Vulnerabilities (APSB09-11)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-055.NASL
    description Microsoft ActiveX controls that were compiled using the vulnerable Active Template Library described in Microsoft Security Bulletin MS09-035 have remote code execution vulnerabilities. A remote attacker could exploit them to execute arbitrary code by tricking a user into requesting a maliciously crafted web page.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42111
    published 2009-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42111
    title MS09-055: Cumulative Security Update of ActiveX Kill Bits (973525)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C97D7A37223311DF96DD001B2134EF46.NASL
    description OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.2 CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime CVE-2009-2949: Potential vulnerability related to XPM file processing CVE-2009-2950: Potential vulnerability related to GIF file processing CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44922
    published 2010-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44922
    title FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-072.NASL
    description The remote host is missing IE Security Update 976325. The remote version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 43064
    published 2009-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43064
    title MS09-072: Cumulative Security Update for Internet Explorer (976325)
  • NASL family Windows
    NASL id WIN_SERVER_2008_NTLM_PCI.NASL
    description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108811
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108811
    title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-060.NASL
    description One or more ActiveX controls included in Microsoft Outlook or Visio and installed on the remote Windows host was compiled with a version of Microsoft Active Template Library (ATL) that is affected by potentially several vulnerabilities : - An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - Unsafe usage of 'OleLoadFromStream' could allow instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - An attacker who is able to run a malicious component or control built using Visual Studio ATL can, by manipulating a string with no terminating NULL byte, read extra data beyond the end of the string and thus disclose information in memory. (CVE-2009-2495)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42116
    published 2009-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42116
    title MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB09_10.NASL
    description The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly affected by multiple vulnerabilities : - A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-1862) - A vulnerability in the Microsoft Active Template Library (ATL) which could allow an attacker who successfully exploits the vulnerability to take control of the affected system. (CVE-2009-0901, CVE-2009-2395, CVE-2009-2493) - A privilege escalation vulnerability that could potentially lead to code execution. (CVE-2009-1863) - A heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1864) - A NULL pointer vulnerability that could potentially lead to code execution. (CVE-2009-1865) - A stack overflow vulnerability that could potentially lead to code execution. (CVE-2009-1866) - A clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2009-1867 - A URL parsing heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1868) - An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-1869) - A local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive. CVE-2009-1870)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 40434
    published 2009-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40434
    title Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-037.NASL
    description The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function 'CComVariant::ReadFromStream' used in the ATL header, which fails to properly restrict untrusted data read from a stream. (CVE-2008-0015) - A remote code execution issue exists in the Microsoft Active Template Library due to an error in the 'Load' method of the 'IPersistStreamInit' interface, which could allow calls to 'memcpy' with untrusted data. (CVE-2008-0020) - An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - Unsafe usage of 'OleLoadFromStream' could allow instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - A bug in the ATL header could allow reading a variant from a stream and leaving the variant type read with an invalid variant, which could be leveraged by an attacker to execute arbitrary code remotely. (CVE-2009-2494)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40556
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40556
    title MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-6387.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870).
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 42001
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42001
    title openSUSE 10 Security Update : flash-player (flash-player-6387)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-091102.NASL
    description The IBM Java 6 JRE/SDK was updated to Service Release 6, fixing various bugs and security issues. The following security issues were fixed : - A security vulnerability in the JNLPAppletLauncher might impact users of the Sun JDK and JRE. Non-current versions of the JNLPAppletLauncher might be re-purposed with an untrusted Java applet to write arbitrary files on the system of the user downloading and running the untrusted applet. (CVE-2009-2676) The JNLPAppletLauncher is a general purpose JNLP-based applet launcher class for deploying applets that use extension libraries containing native code. - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) - A vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to access system properties. (CVE-2009-2670) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application. - A vulnerability in the Java Runtime Environment with the SOCKS proxy implementation might allow an untrusted applet or Java Web Start application to determine the username of the user running the applet or application. (CVE-2009-2671 / CVE-2009-2672) A second vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to obtain browser cookies and leverage those cookies to hijack sessions. - A vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to make non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2674) - An integer overflow vulnerability in the Java Runtime Environment with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2675) - A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on. (CVE-2009-2625)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 42396
    published 2009-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42396
    title SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-6741.NASL
    description IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. The timezone update to 1.6.9s (with the latest Fiji change). - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) Please also see http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49863
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49863
    title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FLASH-PLAYER-090731.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40488
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40488
    title openSUSE Security Update : flash-player (flash-player-1148)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FLASH-PLAYER-6386.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51731
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51731
    title SuSE 10 Security Update : flash-player (ZYPP Patch Number 6386)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-035.NASL
    description The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - On systems with components and controls installed that were built using Visual Studio ATL, unsafe usage of OleLoadFromStream could allow instantiation of arbitrary objects that can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow a string to be read without a terminating NULL character, which could lead to disclosure of information in memory. (CVE-2009-2495)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40435
    published 2009-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40435
    title MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FLASH-PLAYER-090731.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40489
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40489
    title openSUSE Security Update : flash-player (flash-player-1148)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-6740.NASL
    description IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. The timezone update to 1.6.9s (with the latest Fiji change). - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) Please also see http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 43822
    published 2010-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43822
    title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FLASH-PLAYER-090731.NASL
    description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41392
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41392
    title SuSE 11 Security Update : flash-player (SAT Patch Number 1149)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12564.NASL
    description IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. It also contains a timezone update for the current Fiji change (timezone 1.6.9s). The update fixes the following security issues : - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876, CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) Please also refer to http://www.ibm.com/developerworks/java/jdk/alerts for more information about this update.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43599
    published 2009-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43599
    title SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)
oval via4
  • accepted 2009-09-28T04:00:17.323-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Rachana Shetty
      organization SecPod Technologies
    • name Josh Turpin
      organization Symantec Corporation
    • name Chandan S
      organization SecPod Technologies
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Outlook Express 5.5 SP2 is installed.
      oval oval:org.mitre.oval:def:504
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Outlook Express 6 SP1 is installed.
      oval oval:org.mitre.oval:def:488
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6245
    status deprecated
    submitted 2009-08-11T13:00:00
    title ATL COM Initialization Vulnerability
    version 75
  • accepted 2009-09-14T04:00:09.792-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Visual Studio .NET 2003 SP1 is installed
      oval oval:org.mitre.oval:def:168
    • comment Microsoft Visual Studio 2005 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6401
    • comment Microsoft Visual Studio 2008 is installed
      oval oval:org.mitre.oval:def:5401
    • comment Microsoft Visual Studio 2008 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6205
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6304
    status deprecated
    submitted 2009-07-28T13:00:00
    title ATL COM Initialization Vulnerability
    version 78
  • accepted 2009-11-30T04:00:41.161-05:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6124
    • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5594
    • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
      oval oval:org.mitre.oval:def:5653
    • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6216
    • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6150
    • comment Microsoft Windows 7 (32-bit) is installed
      oval oval:org.mitre.oval:def:6165
    • comment Microsoft Windows 7 x64 Edition is installed
      oval oval:org.mitre.oval:def:5950
    • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval oval:org.mitre.oval:def:6438
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval oval:org.mitre.oval:def:5954
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6421
    status deprecated
    submitted 2009-10-13T13:00:00
    title ATL COM Initialization Vulnerability
    version 21
  • accepted 2009-11-30T04:00:46.551-05:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Outlook 2002 is installed
      oval oval:org.mitre.oval:def:5179
    • comment Microsoft Outlook 2003 is installed
      oval oval:org.mitre.oval:def:5505
    • comment Microsoft Outlook 2007 is installed
      oval oval:org.mitre.oval:def:5352
    • comment Microsoft Visio Viewer 2002 is installed
      oval oval:org.mitre.oval:def:6500
    • comment Microsoft Office Visio Viewer 2003 is installed
      oval oval:org.mitre.oval:def:6420
    • comment Microsoft Office Visio Viewer 2007 is installed
      oval oval:org.mitre.oval:def:6128
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6473
    status deprecated
    submitted 2009-10-13T13:00:00
    title ATL COM Initialization Vulnerability
    version 6
  • class vulnerability
    contributors
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name J. Daniel Brown
      organization DTCC
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Internet Explorer 5.01 SP4 is installed
      oval oval:org.mitre.oval:def:325
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Internet Explorer 6 is installed
      oval oval:org.mitre.oval:def:563
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Internet Explorer 6 is installed
      oval oval:org.mitre.oval:def:563
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Internet Explorer 6 is installed
      oval oval:org.mitre.oval:def:563
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    • comment Microsoft Internet Explorer 6 is installed
      oval oval:org.mitre.oval:def:563
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6621
    status deprecated
    submitted 2009-12-08T13:00:00
    title ATL COM Initialization Vulnerability (CVE-2009-2493)
    version 66
  • accepted 2015-08-10T04:01:07.487-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Mike Lah
      organization The MITRE Corporation
    • name Rachana Shetty
      organization SecPod Technologies
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Josh Turpin
      organization Symantec Corporation
    • name Chandan S
      organization SecPod Technologies
    • name Dragos Prisaca
      organization G2, Inc.
    • name Dragos Prisaca
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Internet Explorer 5.01 SP4 is installed
      oval oval:org.mitre.oval:def:325
    • comment Microsoft Internet Explorer 6 is installed
      oval oval:org.mitre.oval:def:563
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Outlook 2002 is installed
      oval oval:org.mitre.oval:def:5179
    • comment Microsoft Outlook 2003 is installed
      oval oval:org.mitre.oval:def:5505
    • comment Microsoft Outlook 2007 SP1 is installed
      oval oval:org.mitre.oval:def:18961
    • comment Microsoft Outlook 2007 SP2 is installed
      oval oval:org.mitre.oval:def:18844
    • comment Microsoft Visio Viewer 2002 is installed
      oval oval:org.mitre.oval:def:6500
    • comment Microsoft Office Visio Viewer 2003 is installed
      oval oval:org.mitre.oval:def:6420
    • comment Microsoft Office Visio Viewer 2007 is installed
      oval oval:org.mitre.oval:def:6128
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows 7 (32-bit) is installed
      oval oval:org.mitre.oval:def:6165
    • comment Microsoft Windows 7 x64 Edition is installed
      oval oval:org.mitre.oval:def:5950
    • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval oval:org.mitre.oval:def:6438
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval oval:org.mitre.oval:def:5954
    • comment Microsoft Visual Studio .NET 2003 SP1 is installed
      oval oval:org.mitre.oval:def:168
    • comment Microsoft Visual Studio 2005 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6401
    • comment Microsoft Visual Studio 2008 is installed
      oval oval:org.mitre.oval:def:5401
    • comment Microsoft Visual Studio 2008 Service Pack 1 is installed
      oval oval:org.mitre.oval:def:6205
    • comment Microsoft Visual C++ 2005 Redistributable Package is installed
      oval oval:org.mitre.oval:def:29007
    • comment Microsoft Visual C++ 2008 Redistributable Package is installed
      oval oval:org.mitre.oval:def:28587
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Outlook Express 5.5 SP2 is installed.
      oval oval:org.mitre.oval:def:504
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Outlook Express 6 SP1 is installed.
      oval oval:org.mitre.oval:def:488
    • comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
      oval oval:org.mitre.oval:def:208
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Windows Media Player v9 is installed.
      oval oval:org.mitre.oval:def:2147
    • comment Windows Media Player v10 is installed.
      oval oval:org.mitre.oval:def:2172
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Windows Media Player v11 is installed.
      oval oval:org.mitre.oval:def:2126
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6716
    status accepted
    submitted 2009-12-26T17:00:00.000-05:00
    title ATL COM Initialization Vulnerability
    version 108
refmap via4
cert
  • TA09-195A
  • TA09-223A
  • TA09-286A
  • TA09-342A
confirm
hp
  • HPSBMA02488
  • SSRT100013
misc http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
ms
  • MS09-035
  • MS09-037
  • MS09-055
  • MS09-060
  • MS09-072
secunia
  • 35967
  • 36187
  • 36374
  • 36746
  • 38568
  • 41818
sunalert
  • 1020775
  • 264648
  • 266108
suse SUSE-SA:2009:053
vupen
  • ADV-2009-2034
  • ADV-2009-2232
  • ADV-2010-0366
Last major update 02-09-2016 - 17:26
Published 29-07-2009 - 13:30
Last modified 12-10-2018 - 17:51
Back to Top