[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Remote Code Execution Vulnerabilities in Visual Studio Active Template Library - MS09-035

ID: oval:org.secpod.oval:def:2617Date: (C)2011-10-27   (M)2017-10-04
Class: PATCHFamily: windows




The host is missing a moderate security update according to Microsoft security bulletin, MS09-035. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Active Template Library (ATL) included with Visual Studio, which allows an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and to read a string without a terminating NULL character and fails to handle instantiation of an object from data streams. Successful exploitation could allow an attacker to gain the user rights and take complete control of an affected system.

Platform:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Product:
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Microsoft Visual Studio 2008
Microsoft Visual C++ 2005 Redistributable Package
Microsoft Visual C++ 2008 Redistributable Package
Reference:
MS09-035
CVE-2009-0901
CVE-2009-2493
CVE-2009-2495
CVE    3
CVE-2009-2495
CVE-2009-2493
CVE-2009-0901
CPE    14
cpe:/a:microsoft:visual_studio:2005:SP1
cpe:/a:microsoft:visual_studio:2008:SP1
cpe:/a:microsoft:visual_studio:2005
cpe:/a:microsoft:visual_studio:2003:sp1
...
XCCDF    6
xccdf_com.secpod_benchmark_microsoft-windows-server-2008
xccdf_com.secpod_benchmark_microsoft-windows-server-2003
xccdf_com.secpod_benchmark_microsoft-windows-xp
xccdf_com.secpod_benchmark_microsoft-windows-2000
...

© 2013 SecPod Technologies