cvelistv5 - cve-2009-0901

CVE-2009-0901 (GCVE-0-2009-0901)

Vulnerability from cvelistv5

Published

2009-07-29 17:00

Modified

2024-08-07 04:48

Severity ?

CWE

Summary

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

References

URL

Tags

cve@mitre.org	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
cve@mitre.org	http://marc.info/?l=bugtraq&m=126592505426855&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=126592505426855&w=2
cve@mitre.org	http://secunia.com/advisories/35967
cve@mitre.org	http://secunia.com/advisories/36187
cve@mitre.org	http://secunia.com/advisories/36374
cve@mitre.org	http://secunia.com/advisories/36746
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
cve@mitre.org	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-10.html
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-13.html
cve@mitre.org	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
cve@mitre.org	http://www.securityfocus.com/bid/35832	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2034
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2232
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35967
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36187
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36374
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36746
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-10.html
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-13.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35832	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2034
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2232
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
          },
          {
            "name": "266108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
          },
          {
            "name": "35832",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35832"
          },
          {
            "name": "ADV-2009-2034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2034"
          },
          {
            "name": "TA09-223A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:7581",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
          },
          {
            "name": "oval:org.mitre.oval:def:6289",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
          },
          {
            "name": "SSRT100013",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "HPSBMA02488",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "36187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36187"
          },
          {
            "name": "oval:org.mitre.oval:def:6311",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
          },
          {
            "name": "ADV-2009-2232",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
          },
          {
            "name": "36374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36374"
          },
          {
            "name": "MS09-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
          },
          {
            "name": "36746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36746"
          },
          {
            "name": "oval:org.mitre.oval:def:6373",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
          },
          {
            "name": "35967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35967"
          },
          {
            "name": "TA09-195A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "MS09-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
        },
        {
          "name": "266108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
        },
        {
          "name": "35832",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35832"
        },
        {
          "name": "ADV-2009-2034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2034"
        },
        {
          "name": "TA09-223A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
        },
        {
          "name": "oval:org.mitre.oval:def:7581",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
        },
        {
          "name": "oval:org.mitre.oval:def:6289",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
        },
        {
          "name": "SSRT100013",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "HPSBMA02488",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "36187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36187"
        },
        {
          "name": "oval:org.mitre.oval:def:6311",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
        },
        {
          "name": "ADV-2009-2232",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
        },
        {
          "name": "36374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36374"
        },
        {
          "name": "MS09-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
        },
        {
          "name": "36746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36746"
        },
        {
          "name": "oval:org.mitre.oval:def:6373",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
        },
        {
          "name": "35967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35967"
        },
        {
          "name": "TA09-195A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
        },
        {
          "name": "MS09-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0901",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
            },
            {
              "name": "266108",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
            },
            {
              "name": "35832",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35832"
            },
            {
              "name": "ADV-2009-2034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2034"
            },
            {
              "name": "TA09-223A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-035",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:7581",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
            },
            {
              "name": "oval:org.mitre.oval:def:6289",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
            },
            {
              "name": "SSRT100013",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "HPSBMA02488",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "36187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36187"
            },
            {
              "name": "oval:org.mitre.oval:def:6311",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
            },
            {
              "name": "ADV-2009-2232",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2232"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
            },
            {
              "name": "36374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36374"
            },
            {
              "name": "MS09-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
            },
            {
              "name": "36746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36746"
            },
            {
              "name": "oval:org.mitre.oval:def:6373",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
            },
            {
              "name": "35967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35967"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "MS09-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0901",
    "datePublished": "2009-07-29T17:00:00",
    "dateReserved": "2009-03-14T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0901\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-07-29T17:30:00.953\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \\\"ATL Uninitialized Object Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"La Active Template Library  (ATL) en Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 y 2008 Gold, y Visual C++ 2005 SP1 y 2008 Gold y SP1, no previene las llamadas VariantClear sobre una VARIAN sin inicializar, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un (1) componente o (2) control ATL. Relacionado con las cabeceras ATL y manejo de errores. Tambi\u00e9n conocida como \\\"Vulnerabilidad de objeto ATL sin inicializar\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA86F8B2-0211-4FF6-BE07-2E2EC06DFC37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2008:redistribution_pkg:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA98FBB-255F-4AC9-B035-54C60EEE022B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*\",\"matchCriteriaId\":\"B20EDFCC-8C10-4EBF-BCC6-1A17362E6676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\\\\+\\\\+_tools:*:*:*:*:*\",\"matchCriteriaId\":\"9E35016A-D55F-4607-8716-77AACB7B166C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED077FFC-EBCC-4CD9-BF0E-0286B99C1965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85959AEB-2FE5-4A25-B298-F8223CE260D6\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35967\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36187\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36374\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36746\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-04.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-10.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-11.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-13.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/35832\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-223A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2034\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2232\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-10.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-223A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Please refer to this link http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx for mitigating factors and additional information.\"}}"
  }
}

ghsa-5q85-2xfh-7gpf

Vulnerability from github

Published

2022-05-02 03:19

Modified

2022-05-02 03:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-07-29T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\"",
  "id": "GHSA-5q85-2xfh-7gpf",
  "modified": "2022-05-02T03:19:32Z",
  "published": "2022-05-02T03:19:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0901"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35832"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-0901

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-0901

Aliases

CVE-2009-0901

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0901",
    "description": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\"",
    "id": "GSD-2009-0901",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0901.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0901"
      ],
      "details": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\"",
      "id": "GSD-2009-0901",
      "modified": "2023-12-13T01:19:44.476967Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0901",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
          },
          {
            "name": "266108",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
          },
          {
            "name": "35832",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35832"
          },
          {
            "name": "ADV-2009-2034",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2034"
          },
          {
            "name": "TA09-223A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
          },
          {
            "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
            "refsource": "CONFIRM",
            "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
          },
          {
            "name": "TA09-286A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-035",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
          },
          {
            "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:7581",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
          },
          {
            "name": "oval:org.mitre.oval:def:6289",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
          },
          {
            "name": "SSRT100013",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "HPSBMA02488",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "36187",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36187"
          },
          {
            "name": "oval:org.mitre.oval:def:6311",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
          },
          {
            "name": "ADV-2009-2232",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2232"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
          },
          {
            "name": "36374",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36374"
          },
          {
            "name": "MS09-037",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
          },
          {
            "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
          },
          {
            "name": "36746",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36746"
          },
          {
            "name": "oval:org.mitre.oval:def:6373",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
          },
          {
            "name": "35967",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35967"
          },
          {
            "name": "TA09-195A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "MS09-060",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\\+\\+_tools:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:redistribution_pkg:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0901"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35832",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/35832"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
            },
            {
              "name": "ADV-2009-2034",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/2034"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
            },
            {
              "name": "ADV-2009-2232",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/2232"
            },
            {
              "name": "36187",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36187"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
            },
            {
              "name": "36374",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36374"
            },
            {
              "name": "266108",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "TA09-223A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "SSRT100013",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
            },
            {
              "name": "36746",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36746"
            },
            {
              "name": "35967",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35967"
            },
            {
              "name": "oval:org.mitre.oval:def:7581",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
            },
            {
              "name": "oval:org.mitre.oval:def:6373",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
            },
            {
              "name": "oval:org.mitre.oval:def:6311",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
            },
            {
              "name": "oval:org.mitre.oval:def:6289",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
            },
            {
              "name": "MS09-060",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
            },
            {
              "name": "MS09-037",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
            },
            {
              "name": "MS09-035",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:50Z",
      "publishedDate": "2009-07-29T17:30Z"
    }
  }
}

CERTA-2009-AVI-516

Vulnerability from certfr_avis

Plusieurs vulnérabilités présentes dans les lecteurs Flash d'Adobe permettent de contourner la politique de sécurité, de porter atteinte à l'intégrité des données, ou d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités, notamment de type débordement de mémoire ou pointeur nul, peuvent être exploitées par une personne malveillante afin d'exécuter du code arbitraire à distance au moyen d'un fichier au format swf spécialement construit.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player 10.x ;
Adobe	N/A	Adobe Flash Player 9.x.
Adobe	N/A	Adobe AIR 1.x ;

References

Title

Publication Time

Tags

Bulletins de sécurité Adobe	None	vendor-advisory
Bulletin de sécurité Adobe apsa09-04 du 30 juillet 2009 :	-	other
Bulletin de sécurité Adobe apsa09-03 du 02 août 2009 :	-	other
Bulletin de sécurité Adobe apsb09-10 du 09 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 9.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, notamment de type d\u00e9bordement de m\u00e9moire ou\npointeur nul, peuvent \u00eatre exploit\u00e9es par une personne malveillante afin\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen d\u0027un fichier au format\nswf sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1864"
    },
    {
      "name": "CVE-2009-1867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1867"
    },
    {
      "name": "CVE-2009-1866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1866"
    },
    {
      "name": "CVE-2009-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1865"
    },
    {
      "name": "CVE-2009-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1868"
    },
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1870"
    },
    {
      "name": "CVE-2009-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1862"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2395"
    },
    {
      "name": "CVE-2009-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1863"
    },
    {
      "name": "CVE-2009-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1869"
    }
  ],
  "initial_release_date": "2009-11-26T00:00:00",
  "last_revision_date": "2009-11-26T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa09-04 du 30 juillet 2009 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa09-03 du 02 ao\u00fbt 2009 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-03.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-10 du 09 septembre 2009 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    }
  ],
  "reference": "CERTA-2009-AVI-516",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les lecteurs Flash d\u0027Adobe\npermettent de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Adobe",
      "url": null
    }
  ]
}

CERTA-2009-AVI-440

Vulnerability from certfr_avis

Plusieurs vulnérabilités dans Microsoft Active Template Library (ATL) ActiveX controls pour Microsoft Office permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités dans Microsoft Active Template Library (ATL) ActiveX controls pour Microsoft Office permettent à une personne distante d'exécuter du code arbitraire :

une erreur dans l'en-tête de Microsoft ATL permet d'exécuter du code arbitraire à distance via l'appel VariantClear (CVE-2009-0901);
une erreur dans l'en-tête de Microsoft ATL permet d'exécuter du code arbitraire à distance via l'instantiation d'un objet issu d'un flux de données (CVE-2009-2493) ;
une erreur dans Microsoft ATL permet de lire une chaîne de caractères sans le caractère NULL de fin. Il est ainsi possible de lire des données supplémentaires présentes en mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Visio 2002 Viewer ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Office	2007 Microsoft Office System Service Pack 1 et 2 ;
Microsoft	Office	Microsoft Office Vision Viewer Service Pack 2 et versions antérieures.
Microsoft	Office	Microsoft Office Visio 2003 Viewer ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-060 du 13 octobre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2002 Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "2007 Microsoft Office System Service Pack 1 et 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Vision Viewer Service Pack 2 et versions ant\u00e9rieures.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Visio 2003 Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Microsoft Active Template Library (ATL)\nActiveX controls pour Microsoft Office permettent \u00e0 une personne\ndistante d\u0027ex\u00e9cuter du code arbitraire :\n\n-   une erreur dans l\u0027en-t\u00eate de Microsoft ATL permet d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance via l\u0027appel VariantClear (CVE-2009-0901);\n-   une erreur dans l\u0027en-t\u00eate de Microsoft ATL permet d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance via l\u0027instantiation d\u0027un objet issu d\u0027un flux\n    de donn\u00e9es (CVE-2009-2493) ;\n-   une erreur dans Microsoft ATL permet de lire une cha\u00eene de\n    caract\u00e8res sans le caract\u00e8re NULL de fin. Il est ainsi possible de\n    lire des donn\u00e9es suppl\u00e9mentaires pr\u00e9sentes en m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2495"
    }
  ],
  "initial_release_date": "2009-10-14T00:00:00",
  "last_revision_date": "2009-10-14T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-440",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Active Template Library (ATL)\nActiveX controls pour Microsoft Office permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft ATL ActiveX controls pour Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-060 du 13 octobre 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx"
    }
  ]
}

CERTA-2010-AVI-083

Vulnerability from certfr_avis

De multiples vulnérabilités dans HP ProLiant Support Pack permettent, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été identifiées dans le navigateur HP ProLiant Support Pack. Leur exploitation permet notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP ProLiant Support Pack 8.30 pour Windows

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01997644 du 10 février 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP ProLiant Support Pack 8.30 pour  Windows\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur HP\nProLiant Support Pack. Leur exploitation permet notamment \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2495"
    }
  ],
  "initial_release_date": "2010-02-18T00:00:00",
  "last_revision_date": "2010-02-18T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-083",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans HP ProLiant Support Pack permettent,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans HP ProLiant Support Pack",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01997644 du 10 f\u00e9vrier 2010",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01997644"
    }
  ]
}

CERTA-2009-AVI-325

Vulnerability from certfr_avis

Plusieurs vulnérabilités de la bibliothèque ATL de Windows permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de la bibliothèque ATL (Active template library) de Windows ont été identifiées :

la première provient de la lecture sans filtrage de données non sûres ;
la seconde tire son origine de la copie de données non sûres ;
la troisième résulte du défaut d'initialisation d'un objet ;
la quatrième est liée à des erreurs dans certains en-têtes ATL ;
la cinquième provient d'un défaut de gestion de la mémoire.

Pour chacune de ces vulnérabilités, un utilisateur malveillant peut, par le biais d'une page web malveillante, exécuter du code arbitraire sur un système vulnérable avec les droits de l'utilisateur ;

Solution

Se référer au bulletin de sécurité MS09-037 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2008 et 2008 SP2 pour architecturess 32 bits, x64 et Itanium.
Microsoft	Windows	Windows Vista, Vista SP1 et SP2, y compris versions pour x64 ;
Microsoft	Windows	Windows XP S2, SP3 et Édition Media Center 2005 ;
Microsoft	Windows	Windows 2000 SP4 ;
Microsoft	Windows	Windows Server 2003 SP2, y compris versions pour x64 et Itanium ;
Microsoft	Windows	Windows XP Professionnel Édition x64 SP2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-037

2009-08-11

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2008 et 2008 SP2 pour architecturess 32 bits, x64 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista, Vista SP1 et SP2, y compris versions pour x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP S2, SP3 et \u00c9dition Media Center 2005 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 2000 SP4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2, y compris versions pour x64 et Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Professionnel \u00c9dition x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL (Active template\nlibrary) de Windows ont \u00e9t\u00e9 identifi\u00e9es\u00a0:\n\n-   la premi\u00e8re provient de la lecture sans filtrage de donn\u00e9es non\n    s\u00fbres ;\n-   la seconde tire son origine de la copie de donn\u00e9es non s\u00fbres ;\n-   la troisi\u00e8me r\u00e9sulte du d\u00e9faut d\u0027initialisation d\u0027un objet ;\n-   la quatri\u00e8me est li\u00e9e \u00e0 des erreurs dans certains en-t\u00eates ATL ;\n-   la cinqui\u00e8me provient d\u0027un d\u00e9faut de gestion de la m\u00e9moire.\n\nPour chacune de ces vuln\u00e9rabilit\u00e9s, un utilisateur malveillant peut, par\nle biais d\u0027une page web malveillante, ex\u00e9cuter du code arbitraire sur un\nsyst\u00e8me vuln\u00e9rable avec les droits de l\u0027utilisateur ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS09-037 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0015"
    },
    {
      "name": "CVE-2008-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0020"
    },
    {
      "name": "CVE-2009-2494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2494"
    },
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    }
  ],
  "initial_release_date": "2009-08-12T00:00:00",
  "last_revision_date": "2009-08-12T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-325",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL de Windows permettent \u00e0\nun utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2009-08-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-037",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx"
    }
  ]
}

CERTA-2009-AVI-300

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectant une bibliothèque inclue dans Microsoft Visual Studio ont été corrigées.

Description

Plusieurs vulnérabilités affectant la bibliothèque Microsoft Active Template inclue dans Microsoft Visual Studio ont été corrigées. Elles ne concernent pas directement la suite de développement Micrososft Visual Studio mais certains logiciels tiers réalisés avec et qui utilisent la bibliothèque incriminée. L'une de ces vulnérabilités permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools (KB973830) ;
Microsoft	N/A	Microsoft Visual Studio 2008 Service Pack 1 (KB971092) ;
Microsoft	N/A	Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973544) ;
Microsoft	N/A	Microsoft Visual Studio .NET 2003 Service Pack 1 (KB971089) ;
Microsoft	N/A	Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB973552).
Microsoft	N/A	Microsoft Visual Studio 2008 (KB971091) ;
Microsoft	N/A	Microsoft Visual Studio 2005 Service Pack 1 (KB971090) ;
Microsoft	N/A	Microsoft Visual C++ 2008 Redistributable Package (KB973551) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-035 du 28 juillet 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools (KB973830) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2008 Service Pack 1 (KB971092) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973544) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio .NET 2003 Service Pack 1 (KB971089) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB973552).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2008 (KB971091) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2005 Service Pack 1 (KB971090) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual C++ 2008 Redistributable Package (KB973551) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectant la biblioth\u00e8que Microsoft Active\nTemplate inclue dans Microsoft Visual Studio ont \u00e9t\u00e9 corrig\u00e9es. Elles ne\nconcernent pas directement la suite de d\u00e9veloppement Micrososft Visual\nStudio mais certains logiciels tiers r\u00e9alis\u00e9s avec et qui utilisent la\nbiblioth\u00e8que incrimin\u00e9e. L\u0027une de ces vuln\u00e9rabilit\u00e9s permet l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2495"
    }
  ],
  "initial_release_date": "2009-07-29T00:00:00",
  "last_revision_date": "2009-07-29T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-300",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-07-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant une biblioth\u00e8que inclue dans\nMicrosoft Visual Studio ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Visual Studio",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-035 du 28 juillet 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx"
    }
  ]
}

fkie_cve-2009-0901

Vulnerability from fkie_nvd

Published

2009-07-29 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
cve@mitre.org	http://marc.info/?l=bugtraq&m=126592505426855&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=126592505426855&w=2
cve@mitre.org	http://secunia.com/advisories/35967
cve@mitre.org	http://secunia.com/advisories/36187
cve@mitre.org	http://secunia.com/advisories/36374
cve@mitre.org	http://secunia.com/advisories/36746
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
cve@mitre.org	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-10.html
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb09-13.html
cve@mitre.org	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
cve@mitre.org	http://www.securityfocus.com/bid/35832	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2034
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2232
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35967
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36187
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36374
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36746
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-10.html
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-13.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35832	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2034
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2232
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581

Impacted products

Vendor	Product	Version
microsoft	visual_c\+\+	2005
microsoft	visual_c\+\+	2008
microsoft	visual_c\+\+	2008
microsoft	visual_studio	2005
microsoft	visual_studio	2005
microsoft	visual_studio	2008
microsoft	visual_studio	2008
microsoft	visual_studio_.net	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "FA86F8B2-0211-4FF6-BE07-2E2EC06DFC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "9BA98FBB-255F-4AC9-B035-54C60EEE022B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "B20EDFCC-8C10-4EBF-BCC6-1A17362E6676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\\+\\+_tools:*:*:*:*:*",
              "matchCriteriaId": "9E35016A-D55F-4607-8716-77AACB7B166C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La Active Template Library  (ATL) en Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 y 2008 Gold, y Visual C++ 2005 SP1 y 2008 Gold y SP1, no previene las llamadas VariantClear sobre una VARIAN sin inicializar, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un (1) componente o (2) control ATL. Relacionado con las cabeceras ATL y manejo de errores. Tambi\u00e9n conocida como \"Vulnerabilidad de objeto ATL sin inicializar\"."
    }
  ],
  "evaluatorImpact": "Please refer to this link http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx for mitigating factors and additional information.",
  "id": "CVE-2009-0901",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-07-29T17:30:00.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35832"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-0901 (GCVE-0-2009-0901)

Vulnerability from cvelistv5

Vulnerability from github

Vulnerability from gsd

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature