Remote Code Execution Vulnerabilities in Visual Studio Active Template Library - MS09-035| ID: oval:org.secpod.oval:def:2617 | Date: (C)2011-10-27 (M)2023-10-05 |
| Class: PATCH | Family: windows |
The host is missing a moderate security update according to Microsoft security bulletin, MS09-035. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Active Template Library (ATL) included with Visual Studio, which allows an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and to read a string without a terminating NULL character and fails to handle instantiation of an object from data streams. Successful exploitation could allow an attacker to gain the user rights and take complete control of an affected system.
| Platform: |
| Microsoft Windows 2000 |
| Microsoft Windows XP |
| Microsoft Windows Server 2003 |
| Microsoft Windows Vista |
| Microsoft Windows Server 2008 |
| Microsoft Windows 7 |
| Microsoft Windows Server 2008 R2 |
| Microsoft Windows 8 |
| Microsoft Windows Server 2012 |
| Microsoft Windows Server 2012 R2 |
| Microsoft Windows Server 2016 |
| Microsoft Windows 10 |
| Microsoft Windows 11 |
| Microsoft Windows Server 2019 |
| Microsoft Windows Server 2022 |
| Product: |
| Microsoft Visual Studio .NET 2003 |
| Microsoft Visual Studio 2005 |
| Microsoft Visual Studio 2008 |
| Microsoft Visual C++ 2005 Redistributable Package |
| Microsoft Visual C++ 2008 Redistributable Package |
