Lucene search

K
cve[email protected]CVE-2009-2495
HistoryJul 29, 2009 - 5:30 p.m.

CVE-2009-2495

2009-07-2917:30:00
CWE-200
web.nvd.nist.gov
108
cve-2009-2495
active template library
microsoft visual studio
atl
string termination
buffer over-read
information security
vulnerability
nvd
remote attackers
sensitive information

5.8 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.062 Low

EPSS

Percentile

93.5%

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka β€œATL Null String Vulnerability.”

References

5.8 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.062 Low

EPSS

Percentile

93.5%