Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-2493

Published: 29/07/2009 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Visual C\+\+

Vulnerability Summary

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote malicious users to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft visual c\\+\\+ 2005

microsoft visual c\\+\\+ 2008

microsoft windows vista -

microsoft windows vista

microsoft windows xp

microsoft windows server 2008 -

microsoft windows 2003 server

microsoft windows 2000

microsoft windows server 2008

microsoft visual studio 2008

microsoft visual studio 2005

microsoft visual studio 2003

Recent Articles

Microsoft emergency fix kills bugs in IE, Visual Studio
The Register • Dan Goodin • 28 Jul 2009

Just in time

Microsoft issued two emergency updates on Tuesday to fix critical security bugs that leave users of Internet Explorer and an untold number of third-party applications vulnerable to remote attacks that completely commandeer their computers. Most of the vulnerabilities are located in Microsoft's ATL, or Active Template Library, which developers from Redmond and elsewhere use to write Component Object Model code, including ActiveX controls that are frequently targeted by attackers. Applications tha...

Read more...

References

CWE-264http://www.adobe.com/support/security/bulletins/apsb09-11.htmlhttp://www.adobe.com/support/security/advisories/apsa09-04.htmlhttp://www.vupen.com/english/advisories/2009/2034http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspxhttp://secunia.com/advisories/36187http://www.vupen.com/english/advisories/2009/2232http://www.adobe.com/support/security/bulletins/apsb09-13.htmlhttp://secunia.com/advisories/36374http://www.adobe.com/support/security/bulletins/apsb09-10.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlhttp://www.us-cert.gov/cas/techalerts/TA09-195A.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.htmlhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlhttp://marc.info/?l=bugtraq&m=126592505426855&w=2http://www.openoffice.org/security/cves/CVE-2009-2493.htmlhttp://www.vupen.com/english/advisories/2010/0366http://secunia.com/advisories/38568http://secunia.com/advisories/36746http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1http://www.us-cert.gov/cas/techalerts/TA09-342A.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1http://secunia.com/advisories/41818http://secunia.com/advisories/35967https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035https://nvd.nist.govhttps://www.theregister.co.uk/2009/07/28/microsoft_emergency_patches_released/https://www.kb.cert.org/vuls/id/456745
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook