cvelistv5 - cve-2009-2493

CVE-2009-2493 (GCVE-0-2009-2493)

Vulnerability from cvelistv5

Published

2009-07-29 17:00

Modified

2024-08-07 05:52

Severity ?

CWE

Summary

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

References

URL

Tags

secure@microsoft.com	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx	Broken Link
secure@microsoft.com	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	Third Party Advisory
secure@microsoft.com	http://marc.info/?l=bugtraq&m=126592505426855&w=2	Third Party Advisory
secure@microsoft.com	http://marc.info/?l=bugtraq&m=126592505426855&w=2	Third Party Advisory
secure@microsoft.com	http://secunia.com/advisories/35967
secure@microsoft.com	http://secunia.com/advisories/36187
secure@microsoft.com	http://secunia.com/advisories/36374
secure@microsoft.com	http://secunia.com/advisories/36746
secure@microsoft.com	http://secunia.com/advisories/38568
secure@microsoft.com	http://secunia.com/advisories/41818
secure@microsoft.com	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1	Broken Link
secure@microsoft.com	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1	Broken Link
secure@microsoft.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1	Broken Link
secure@microsoft.com	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch, Third Party Advisory
secure@microsoft.com	http://www.adobe.com/support/security/bulletins/apsb09-10.html	Third Party Advisory
secure@microsoft.com	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch, Third Party Advisory
secure@microsoft.com	http://www.adobe.com/support/security/bulletins/apsb09-13.html	Third Party Advisory
secure@microsoft.com	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1	Third Party Advisory
secure@microsoft.com	http://www.openoffice.org/security/cves/CVE-2009-2493.html	Third Party Advisory
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-342A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/2034
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/2232
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/0366
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=126592505426855&w=2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=126592505426855&w=2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35967
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36187
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36374
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38568
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41818
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-10.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-13.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openoffice.org/security/cves/CVE-2009-2493.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-342A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2034
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2232
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0366
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:15.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
          },
          {
            "name": "266108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6304",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
          },
          {
            "name": "ADV-2009-2034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2034"
          },
          {
            "name": "TA09-223A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6621",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
          },
          {
            "name": "ADV-2010-0366",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0366"
          },
          {
            "name": "SSRT100013",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "MS09-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
          },
          {
            "name": "HPSBMA02488",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "36187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36187"
          },
          {
            "name": "TA09-342A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
          },
          {
            "name": "ADV-2009-2232",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
          },
          {
            "name": "36374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36374"
          },
          {
            "name": "38568",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38568"
          },
          {
            "name": "MS09-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6245",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
          },
          {
            "name": "oval:org.mitre.oval:def:6716",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
          },
          {
            "name": "36746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36746"
          },
          {
            "name": "oval:org.mitre.oval:def:6421",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
          },
          {
            "name": "41818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "name": "35967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35967"
          },
          {
            "name": "SUSE-SA:2009:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
          },
          {
            "name": "1020775",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
          },
          {
            "name": "TA09-195A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "MS09-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
          },
          {
            "name": "MS09-055",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
          },
          {
            "name": "264648",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6473",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
        },
        {
          "name": "266108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
        },
        {
          "name": "oval:org.mitre.oval:def:6304",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
        },
        {
          "name": "ADV-2009-2034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2034"
        },
        {
          "name": "TA09-223A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6621",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
        },
        {
          "name": "ADV-2010-0366",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0366"
        },
        {
          "name": "SSRT100013",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "MS09-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
        },
        {
          "name": "HPSBMA02488",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "36187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36187"
        },
        {
          "name": "TA09-342A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
        },
        {
          "name": "ADV-2009-2232",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
        },
        {
          "name": "36374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36374"
        },
        {
          "name": "38568",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38568"
        },
        {
          "name": "MS09-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6245",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
        },
        {
          "name": "oval:org.mitre.oval:def:6716",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
        },
        {
          "name": "36746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36746"
        },
        {
          "name": "oval:org.mitre.oval:def:6421",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
        },
        {
          "name": "41818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41818"
        },
        {
          "name": "35967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35967"
        },
        {
          "name": "SUSE-SA:2009:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
        },
        {
          "name": "1020775",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
        },
        {
          "name": "TA09-195A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
        },
        {
          "name": "MS09-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
        },
        {
          "name": "MS09-055",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
        },
        {
          "name": "264648",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
        },
        {
          "name": "oval:org.mitre.oval:def:6473",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
            },
            {
              "name": "266108",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
            },
            {
              "name": "oval:org.mitre.oval:def:6304",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
            },
            {
              "name": "ADV-2009-2034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2034"
            },
            {
              "name": "TA09-223A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6621",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
            },
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2009-2493.html",
              "refsource": "CONFIRM",
              "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-035",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
            },
            {
              "name": "ADV-2010-0366",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0366"
            },
            {
              "name": "SSRT100013",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "MS09-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
            },
            {
              "name": "HPSBMA02488",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "36187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36187"
            },
            {
              "name": "TA09-342A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
            },
            {
              "name": "ADV-2009-2232",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2232"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
            },
            {
              "name": "36374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36374"
            },
            {
              "name": "38568",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38568"
            },
            {
              "name": "MS09-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6245",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
            },
            {
              "name": "oval:org.mitre.oval:def:6716",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
            },
            {
              "name": "36746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36746"
            },
            {
              "name": "oval:org.mitre.oval:def:6421",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
            },
            {
              "name": "41818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41818"
            },
            {
              "name": "35967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35967"
            },
            {
              "name": "SUSE-SA:2009:053",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
            },
            {
              "name": "1020775",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "MS09-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
            },
            {
              "name": "MS09-055",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
            },
            {
              "name": "264648",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
            },
            {
              "name": "oval:org.mitre.oval:def:6473",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2493",
    "datePublished": "2009-07-29T17:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:15.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2493\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-07-29T17:30:01.233\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \\\"ATL COM Initialization Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"La Active Template Library (ATL) en Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 y 2008 Gold y SP1, y Visual C++ 2005 SP1 y 2008 Gold y SP1 no restringe adecuadamente el uso de OleLoadFromStream en la instanciaci\u00f3n de objetos desde el flujo de datos, lo que permite a atacantes remotos  ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado con un (1)control o (2) componente, relacionado con las cabeceras ATL y el evitar las pol\u00edticas de seguridad. Tambi\u00e9n conocida como \\\"Vulnerabilidad de Inicializaci\u00f3n ATL COM\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2005:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"882CDAE9-EC03-48E6-814C-50236B8F0B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27438900-81A7-41CD-AA17-1DA9F35C98D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2008:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E0021F-ABB9-4FB4-BC1C-5098F2E66371\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C28897B-044A-447B-AD76-6397F8190177\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32623D48-7000-4C7D-823F-7D2A9841D88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CAEEA81-5037-4B68-98D9-83AAEBC98E20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2003:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9AD97AF-1F2A-483D-86F2-764ECEC31BD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED077FFC-EBCC-4CD9-BF0E-0286B99C1965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35967\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/36187\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/36374\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/36746\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/38568\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/41818\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-04.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-10.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-11.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-13.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openoffice.org/security/cves/CVE-2009-2493.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-223A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-342A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2034\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2232\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0366\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38568\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/41818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa09-04.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-10.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb09-13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openoffice.org/security/cves/CVE-2009-2493.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-223A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-342A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-516

Vulnerability from certfr_avis

Plusieurs vulnérabilités présentes dans les lecteurs Flash d'Adobe permettent de contourner la politique de sécurité, de porter atteinte à l'intégrité des données, ou d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités, notamment de type débordement de mémoire ou pointeur nul, peuvent être exploitées par une personne malveillante afin d'exécuter du code arbitraire à distance au moyen d'un fichier au format swf spécialement construit.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player 10.x ;
Adobe	N/A	Adobe Flash Player 9.x.
Adobe	N/A	Adobe AIR 1.x ;

References

Title

Publication Time

Tags

Bulletins de sécurité Adobe	None	vendor-advisory
Bulletin de sécurité Adobe apsa09-04 du 30 juillet 2009 :	-	other
Bulletin de sécurité Adobe apsa09-03 du 02 août 2009 :	-	other
Bulletin de sécurité Adobe apsb09-10 du 09 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player 10.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 9.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe AIR 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, notamment de type d\u00e9bordement de m\u00e9moire ou\npointeur nul, peuvent \u00eatre exploit\u00e9es par une personne malveillante afin\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen d\u0027un fichier au format\nswf sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1864"
    },
    {
      "name": "CVE-2009-1867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1867"
    },
    {
      "name": "CVE-2009-1866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1866"
    },
    {
      "name": "CVE-2009-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1865"
    },
    {
      "name": "CVE-2009-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1868"
    },
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1870"
    },
    {
      "name": "CVE-2009-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1862"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2395"
    },
    {
      "name": "CVE-2009-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1863"
    },
    {
      "name": "CVE-2009-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1869"
    }
  ],
  "initial_release_date": "2009-11-26T00:00:00",
  "last_revision_date": "2009-11-26T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa09-04 du 30 juillet 2009 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa09-03 du 02 ao\u00fbt 2009 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-03.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-10 du 09 septembre 2009 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    }
  ],
  "reference": "CERTA-2009-AVI-516",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les lecteurs Flash d\u0027Adobe\npermettent de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Adobe",
      "url": null
    }
  ]
}

CERTA-2010-AVI-080

Vulnerability from certfr_avis

De multiples vulnérabilités dans OpenOffice.org permettent, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été identifiées dans le navigateur OpenOffice.org. Leurs exploitations permettent notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenOffice.org versions antérieures à 3.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité OpenOffice du 12 février 2010	None	vendor-advisory
Bulletin de sécurité Debian dsa-1995-1 du 12 février 2010 :	-	other
Bulletin de sécurité OpenOffice CVE-2006-4339 :	-	other
Bulletin de sécurité OpenOffice CVE-2009-0217 :	-	other
Bulletin de sécurité OpenOffice CVE-2009-3301 :	-	other
Bulletin de sécurité OpenOffice CVE-2009-3302 :	-	other
Bulletin de sécurité Redhat RHSA-2010-0101-1 du 12 février 2010 :	-	other
Bulletin de sécurité OpenOffice CVE-2009-2493 :	-	other
Bulletin de sécurité OpenOffice CVE-2009-2949 :	-	other
Bulletin de sécurité OpenOffice CVE-2009-2950 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eOpenOffice.org versions ant\u00e9rieures \u00e0  3.2.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nOpenOffice.org. Leurs exploitations permettent notamment \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4339"
    },
    {
      "name": "CVE-2009-3301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3301"
    },
    {
      "name": "CVE-2009-2949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2949"
    },
    {
      "name": "CVE-2009-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2950"
    },
    {
      "name": "CVE-2009-3302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3302"
    },
    {
      "name": "CVE-2009-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0217"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    }
  ],
  "initial_release_date": "2010-02-15T00:00:00",
  "last_revision_date": "2010-02-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-1995-1 du 12 f\u00e9vrier 2010 :",
      "url": "http://www.debian.org/security/2010/dsa-1995"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice CVE-2006-4339 :",
      "url": "http://www.openoffice.org/security/cves/CVE-2006-4339.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice CVE-2009-0217 :",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice CVE-2009-3301 :",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-3301.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice CVE-2009-3302 :",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-3302.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat RHSA-2010-0101-1 du 12 f\u00e9vrier    2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0101.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice CVE-2009-2493 :",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice CVE-2009-2949 :",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2949.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice CVE-2009-2950 :",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2950.html"
    }
  ],
  "reference": "CERTA-2010-AVI-080",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans OpenOffice.org permettent, entre\nautres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenOffice",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenOffice du 12 f\u00e9vrier 2010",
      "url": null
    }
  ]
}

CERTA-2009-AVI-440

Vulnerability from certfr_avis

Plusieurs vulnérabilités dans Microsoft Active Template Library (ATL) ActiveX controls pour Microsoft Office permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités dans Microsoft Active Template Library (ATL) ActiveX controls pour Microsoft Office permettent à une personne distante d'exécuter du code arbitraire :

une erreur dans l'en-tête de Microsoft ATL permet d'exécuter du code arbitraire à distance via l'appel VariantClear (CVE-2009-0901);
une erreur dans l'en-tête de Microsoft ATL permet d'exécuter du code arbitraire à distance via l'instantiation d'un objet issu d'un flux de données (CVE-2009-2493) ;
une erreur dans Microsoft ATL permet de lire une chaîne de caractères sans le caractère NULL de fin. Il est ainsi possible de lire des données supplémentaires présentes en mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Visio 2002 Viewer ;
Microsoft	Office	Microsoft Office 2003 Service Pack 3 ;
Microsoft	Office	2007 Microsoft Office System Service Pack 1 et 2 ;
Microsoft	Office	Microsoft Office Vision Viewer Service Pack 2 et versions antérieures.
Microsoft	Office	Microsoft Office Visio 2003 Viewer ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-060 du 13 octobre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2002 Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "2007 Microsoft Office System Service Pack 1 et 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Vision Viewer Service Pack 2 et versions ant\u00e9rieures.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Visio 2003 Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Microsoft Active Template Library (ATL)\nActiveX controls pour Microsoft Office permettent \u00e0 une personne\ndistante d\u0027ex\u00e9cuter du code arbitraire :\n\n-   une erreur dans l\u0027en-t\u00eate de Microsoft ATL permet d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance via l\u0027appel VariantClear (CVE-2009-0901);\n-   une erreur dans l\u0027en-t\u00eate de Microsoft ATL permet d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance via l\u0027instantiation d\u0027un objet issu d\u0027un flux\n    de donn\u00e9es (CVE-2009-2493) ;\n-   une erreur dans Microsoft ATL permet de lire une cha\u00eene de\n    caract\u00e8res sans le caract\u00e8re NULL de fin. Il est ainsi possible de\n    lire des donn\u00e9es suppl\u00e9mentaires pr\u00e9sentes en m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2495"
    }
  ],
  "initial_release_date": "2009-10-14T00:00:00",
  "last_revision_date": "2009-10-14T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-440",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Active Template Library (ATL)\nActiveX controls pour Microsoft Office permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft ATL ActiveX controls pour Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-060 du 13 octobre 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx"
    }
  ]
}

CERTA-2010-AVI-083

Vulnerability from certfr_avis

De multiples vulnérabilités dans HP ProLiant Support Pack permettent, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été identifiées dans le navigateur HP ProLiant Support Pack. Leur exploitation permet notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP ProLiant Support Pack 8.30 pour Windows

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01997644 du 10 février 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP ProLiant Support Pack 8.30 pour  Windows\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur HP\nProLiant Support Pack. Leur exploitation permet notamment \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2495"
    }
  ],
  "initial_release_date": "2010-02-18T00:00:00",
  "last_revision_date": "2010-02-18T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-083",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans HP ProLiant Support Pack permettent,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans HP ProLiant Support Pack",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01997644 du 10 f\u00e9vrier 2010",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01997644"
    }
  ]
}

CERTA-2009-AVI-300

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectant une bibliothèque inclue dans Microsoft Visual Studio ont été corrigées.

Description

Plusieurs vulnérabilités affectant la bibliothèque Microsoft Active Template inclue dans Microsoft Visual Studio ont été corrigées. Elles ne concernent pas directement la suite de développement Micrososft Visual Studio mais certains logiciels tiers réalisés avec et qui utilisent la bibliothèque incriminée. L'une de ces vulnérabilités permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools (KB973830) ;
Microsoft	N/A	Microsoft Visual Studio 2008 Service Pack 1 (KB971092) ;
Microsoft	N/A	Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973544) ;
Microsoft	N/A	Microsoft Visual Studio .NET 2003 Service Pack 1 (KB971089) ;
Microsoft	N/A	Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB973552).
Microsoft	N/A	Microsoft Visual Studio 2008 (KB971091) ;
Microsoft	N/A	Microsoft Visual Studio 2005 Service Pack 1 (KB971090) ;
Microsoft	N/A	Microsoft Visual C++ 2008 Redistributable Package (KB973551) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-035 du 28 juillet 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools (KB973830) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2008 Service Pack 1 (KB971092) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973544) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio .NET 2003 Service Pack 1 (KB971089) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB973552).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2008 (KB971091) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2005 Service Pack 1 (KB971090) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual C++ 2008 Redistributable Package (KB973551) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectant la biblioth\u00e8que Microsoft Active\nTemplate inclue dans Microsoft Visual Studio ont \u00e9t\u00e9 corrig\u00e9es. Elles ne\nconcernent pas directement la suite de d\u00e9veloppement Micrososft Visual\nStudio mais certains logiciels tiers r\u00e9alis\u00e9s avec et qui utilisent la\nbiblioth\u00e8que incrimin\u00e9e. L\u0027une de ces vuln\u00e9rabilit\u00e9s permet l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2495"
    }
  ],
  "initial_release_date": "2009-07-29T00:00:00",
  "last_revision_date": "2009-07-29T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-300",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-07-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant une biblioth\u00e8que inclue dans\nMicrosoft Visual Studio ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Visual Studio",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-035 du 28 juillet 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx"
    }
  ]
}

CERTA-2009-AVI-325

Vulnerability from certfr_avis

Plusieurs vulnérabilités de la bibliothèque ATL de Windows permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de la bibliothèque ATL (Active template library) de Windows ont été identifiées :

la première provient de la lecture sans filtrage de données non sûres ;
la seconde tire son origine de la copie de données non sûres ;
la troisième résulte du défaut d'initialisation d'un objet ;
la quatrième est liée à des erreurs dans certains en-têtes ATL ;
la cinquième provient d'un défaut de gestion de la mémoire.

Pour chacune de ces vulnérabilités, un utilisateur malveillant peut, par le biais d'une page web malveillante, exécuter du code arbitraire sur un système vulnérable avec les droits de l'utilisateur ;

Solution

Se référer au bulletin de sécurité MS09-037 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2008 et 2008 SP2 pour architecturess 32 bits, x64 et Itanium.
Microsoft	Windows	Windows Vista, Vista SP1 et SP2, y compris versions pour x64 ;
Microsoft	Windows	Windows XP S2, SP3 et Édition Media Center 2005 ;
Microsoft	Windows	Windows 2000 SP4 ;
Microsoft	Windows	Windows Server 2003 SP2, y compris versions pour x64 et Itanium ;
Microsoft	Windows	Windows XP Professionnel Édition x64 SP2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-037

2009-08-11

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2008 et 2008 SP2 pour architecturess 32 bits, x64 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista, Vista SP1 et SP2, y compris versions pour x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP S2, SP3 et \u00c9dition Media Center 2005 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 2000 SP4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2, y compris versions pour x64 et Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Professionnel \u00c9dition x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL (Active template\nlibrary) de Windows ont \u00e9t\u00e9 identifi\u00e9es\u00a0:\n\n-   la premi\u00e8re provient de la lecture sans filtrage de donn\u00e9es non\n    s\u00fbres ;\n-   la seconde tire son origine de la copie de donn\u00e9es non s\u00fbres ;\n-   la troisi\u00e8me r\u00e9sulte du d\u00e9faut d\u0027initialisation d\u0027un objet ;\n-   la quatri\u00e8me est li\u00e9e \u00e0 des erreurs dans certains en-t\u00eates ATL ;\n-   la cinqui\u00e8me provient d\u0027un d\u00e9faut de gestion de la m\u00e9moire.\n\nPour chacune de ces vuln\u00e9rabilit\u00e9s, un utilisateur malveillant peut, par\nle biais d\u0027une page web malveillante, ex\u00e9cuter du code arbitraire sur un\nsyst\u00e8me vuln\u00e9rable avec les droits de l\u0027utilisateur ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS09-037 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0015"
    },
    {
      "name": "CVE-2008-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0020"
    },
    {
      "name": "CVE-2009-2494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2494"
    },
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    }
  ],
  "initial_release_date": "2009-08-12T00:00:00",
  "last_revision_date": "2009-08-12T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-325",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL de Windows permettent \u00e0\nun utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2009-08-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-037",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx"
    }
  ]
}

CERTA-2009-AVI-435

Vulnerability from certfr_avis

Les composants ActiveX construits avec des versions vulnérables de la bibliothèque ATL permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Les composants ActiveX construits avec des versions vulnérables de la bibliothèque ATL (ActiveX Template Library) sont eux-mêmes vulnérables. Ils permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Windows, toutes les versions.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-055 du 13 octobre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eMicrosoft  Windows\u003c/SPAN\u003e, toutes les versions.",
  "content": "## Description\n\nLes composants ActiveX construits avec des versions vuln\u00e9rables de la\nbiblioth\u00e8que ATL (ActiveX Template Library) sont eux-m\u00eames vuln\u00e9rables.\nIls permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    }
  ],
  "initial_release_date": "2009-10-14T00:00:00",
  "last_revision_date": "2009-10-14T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-435",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Les composants ActiveX construits avec des versions vuln\u00e9rables de la\nbiblioth\u00e8que ATL permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 des composants ActiveX utilisant la biblioth\u00e8que ATL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-055 du 13 octobre 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-055.mspx"
    }
  ]
}

CERTA-2009-AVI-538

Vulnerability from certfr_avis

Plusieurs vulnérabilités impactant Microsoft Internet Explorer, dont certaines permettant l'exécution de code arbitraire à distance, ont été corrigées.

Description

Plusieurs vulnérabilités concernant Microsoft Internet Explorer ont été corrigées. Certaines permettent à un utilisateur malveillant distant d'exécuter du code arbitraire au moyen d'une page Web spécialement écrite.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Explorer 6 et 6 SP1 ;
Microsoft	N/A	Microsoft Internet Explorer 5.01 SP4 ;
Microsoft	N/A	Microsoft Internet Explorer 8.
Microsoft	N/A	Microsoft Internet Explorer 7 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-072 du 08 décembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 6 et 6 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 SP4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant Microsoft Internet Explorer ont \u00e9t\u00e9\ncorrig\u00e9es. Certaines permettent \u00e0 un utilisateur malveillant distant\nd\u0027ex\u00e9cuter du code arbitraire au moyen d\u0027une page Web sp\u00e9cialement\n\u00e9crite.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3673"
    },
    {
      "name": "CVE-2009-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3672"
    },
    {
      "name": "CVE-2009-3671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3671"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    },
    {
      "name": "CVE-2009-3674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3674"
    }
  ],
  "initial_release_date": "2009-12-09T00:00:00",
  "last_revision_date": "2009-12-09T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-538",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s impactant Microsoft Internet Explorer, dont\ncertaines permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance, ont \u00e9t\u00e9\ncorrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-072 du 08 d\u00e9cembre 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx"
    }
  ]
}

ghsa-xrpm-74v3-f6fq

Vulnerability from github

Published

2022-05-02 03:35

Modified

2022-05-02 03:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2493"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-07-29T17:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\"",
  "id": "GHSA-xrpm-74v3-f6fq",
  "modified": "2022-05-02T03:35:49Z",
  "published": "2022-05-02T03:35:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2493"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38568"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "type": "WEB",
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0366"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-2493

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2493

Aliases

CVE-2009-2493

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2493",
    "description": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\"",
    "id": "GSD-2009-2493",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-2493.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2493"
      ],
      "details": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\"",
      "id": "GSD-2009-2493",
      "modified": "2023-12-13T01:19:46.923562Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-2493",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
          },
          {
            "name": "266108",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6304",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
          },
          {
            "name": "ADV-2009-2034",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2034"
          },
          {
            "name": "TA09-223A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6621",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
          },
          {
            "name": "http://www.openoffice.org/security/cves/CVE-2009-2493.html",
            "refsource": "CONFIRM",
            "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
          },
          {
            "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
            "refsource": "CONFIRM",
            "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
          },
          {
            "name": "TA09-286A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-035",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
          },
          {
            "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
          },
          {
            "name": "ADV-2010-0366",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0366"
          },
          {
            "name": "SSRT100013",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "MS09-072",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
          },
          {
            "name": "HPSBMA02488",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "36187",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36187"
          },
          {
            "name": "TA09-342A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
          },
          {
            "name": "ADV-2009-2232",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2232"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
          },
          {
            "name": "36374",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36374"
          },
          {
            "name": "38568",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38568"
          },
          {
            "name": "MS09-037",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
          },
          {
            "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6245",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
          },
          {
            "name": "oval:org.mitre.oval:def:6716",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
          },
          {
            "name": "36746",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36746"
          },
          {
            "name": "oval:org.mitre.oval:def:6421",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
          },
          {
            "name": "41818",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "name": "35967",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35967"
          },
          {
            "name": "SUSE-SA:2009:053",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
          },
          {
            "name": "1020775",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
          },
          {
            "name": "TA09-195A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "MS09-060",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
          },
          {
            "name": "MS09-055",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
          },
          {
            "name": "264648",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6473",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2003:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2493"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
            },
            {
              "name": "ADV-2009-2034",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/2034"
            },
            {
              "name": "264648",
              "refsource": "SUNALERT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
            },
            {
              "name": "36187",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36187"
            },
            {
              "name": "ADV-2009-2232",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/2232"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
            },
            {
              "name": "36374",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36374"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
            },
            {
              "name": "266108",
              "refsource": "SUNALERT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
            },
            {
              "name": "TA09-223A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "SUSE-SA:2009:053",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "SSRT100013",
              "refsource": "HP",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2009-2493.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
            },
            {
              "name": "ADV-2010-0366",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0366"
            },
            {
              "name": "38568",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38568"
            },
            {
              "name": "36746",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36746"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
            },
            {
              "name": "TA09-342A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
            },
            {
              "name": "1020775",
              "refsource": "SUNALERT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
            },
            {
              "name": "41818",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/41818"
            },
            {
              "name": "35967",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35967"
            },
            {
              "name": "oval:org.mitre.oval:def:6716",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
            },
            {
              "name": "oval:org.mitre.oval:def:6621",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
            },
            {
              "name": "oval:org.mitre.oval:def:6473",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
            },
            {
              "name": "oval:org.mitre.oval:def:6421",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
            },
            {
              "name": "oval:org.mitre.oval:def:6304",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
            },
            {
              "name": "oval:org.mitre.oval:def:6245",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
            },
            {
              "name": "MS09-072",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
            },
            {
              "name": "MS09-060",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
            },
            {
              "name": "MS09-055",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
            },
            {
              "name": "MS09-037",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
            },
            {
              "name": "MS09-035",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:51Z",
      "publishedDate": "2009-07-29T17:30Z"
    }
  }
}

fkie_cve-2009-2493

Vulnerability from fkie_nvd

Published

2009-07-29 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx	Broken Link
secure@microsoft.com	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	Third Party Advisory
secure@microsoft.com	http://marc.info/?l=bugtraq&m=126592505426855&w=2	Third Party Advisory
secure@microsoft.com	http://secunia.com/advisories/35967
secure@microsoft.com	http://secunia.com/advisories/36187
secure@microsoft.com	http://secunia.com/advisories/36374
secure@microsoft.com	http://secunia.com/advisories/36746
secure@microsoft.com	http://secunia.com/advisories/38568
secure@microsoft.com	http://secunia.com/advisories/41818
secure@microsoft.com	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1	Broken Link
secure@microsoft.com	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1	Broken Link
secure@microsoft.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1	Broken Link
secure@microsoft.com	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch, Third Party Advisory
secure@microsoft.com	http://www.adobe.com/support/security/bulletins/apsb09-10.html	Third Party Advisory
secure@microsoft.com	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch, Third Party Advisory
secure@microsoft.com	http://www.adobe.com/support/security/bulletins/apsb09-13.html	Third Party Advisory
secure@microsoft.com	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1	Third Party Advisory
secure@microsoft.com	http://www.openoffice.org/security/cves/CVE-2009-2493.html	Third Party Advisory
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-342A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/2034
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/2232
secure@microsoft.com	http://www.vupen.com/english/advisories/2010/0366
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=126592505426855&w=2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35967
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36187
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36374
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38568
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41818
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa09-04.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-10.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-11.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb09-13.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openoffice.org/security/cves/CVE-2009-2493.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-342A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2034
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2232
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0366
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716

Impacted products

Vendor	Product	Version
microsoft	visual_c\+\+	2005
microsoft	visual_c\+\+	2008
microsoft	visual_c\+\+	2008
microsoft	windows_2000	*
microsoft	windows_2003_server	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	visual_studio	2003
microsoft	visual_studio	2005
microsoft	visual_studio	2008
microsoft	visual_studio	2008

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "882CDAE9-EC03-48E6-814C-50236B8F0B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "27438900-81A7-41CD-AA17-1DA9F35C98D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A4E0021F-ABB9-4FB4-BC1C-5098F2E66371",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A9AD97AF-1F2A-483D-86F2-764ECEC31BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La Active Template Library (ATL) en Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 y 2008 Gold y SP1, y Visual C++ 2005 SP1 y 2008 Gold y SP1 no restringe adecuadamente el uso de OleLoadFromStream en la instanciaci\u00f3n de objetos desde el flujo de datos, lo que permite a atacantes remotos  ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado con un (1)control o (2) componente, relacionado con las cabeceras ATL y el evitar las pol\u00edticas de seguridad. Tambi\u00e9n conocida como \"Vulnerabilidad de Inicializaci\u00f3n ATL COM\"."
    }
  ],
  "id": "CVE-2009-2493",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-07-29T17:30:01.233",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/38568"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2010/0366"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-2493 (GCVE-0-2009-2493)

Vulnerability from cvelistv5

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from certfr_avis

Description

Solution

Vulnerability from github

Vulnerability from gsd

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature