Lucene search

K
cveMicrosoftCVE-2009-2493
HistoryJul 29, 2009 - 5:30 p.m.

CVE-2009-2493

2009-07-2917:30:01
CWE-264
microsoft
web.nvd.nist.gov
146
atl
com
initialization
vulnerability
microsoft
visual studio
windows
cve-2009-2493
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.661

Percentile

97.9%

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka β€œATL COM Initialization Vulnerability.”

Affected configurations

Nvd
Node
microsoftvisual_c\+\+Match2005sp1
OR
microsoftvisual_c\+\+Match2008
OR
microsoftvisual_c\+\+Match2008sp1
Node
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serversp2
OR
microsoftwindows_server_2008sp2
OR
microsoftwindows_server_2008Match-
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch-
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp3
Node
microsoftvisual_studioMatch2003sp1
OR
microsoftvisual_studioMatch2005sp1
OR
microsoftvisual_studioMatch2008
OR
microsoftvisual_studioMatch2008sp1
VendorProductVersionCPE
microsoftvisual_c%2B%2B2008cpe:/a:microsoft:visual_c%2B%2B:2008:sp1::
microsoftvisual_c%2B%2B2008cpe:/a:microsoft:visual_c%2B%2B:2008:::
microsoftvisual_c%2B%2B2005cpe:/a:microsoft:visual_c%2B%2B:2005:sp1::

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.661

Percentile

97.9%