MS09-035: Vulnerabilities in Visual Studio Active Template Libraries could allow remote code execution

<html><body><p>Addresses vulnerabilities in the Active Template Libraries for the Microsoft Visual Studio that could allow remote code execution. Applies to systems with ActiveX controls installed that were built using Visual Studio Active Template Libraries.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS09-035. To view the complete security bulletin, visit one of the following Microsoft Web sites:<br /><br /><ul><li>Home users:<br /><br /><div><a href=“http://www.microsoft.com/security/updates/bulletins/200908.aspx” target=“_self”>http://www.microsoft.com/security/updates/bulletins/200908.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update Web site now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate” target=“_self”>http://update.microsoft.com/microsoftupdate</a></div></li><li>IT professionals:<br /><br /><div><a href=“http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx” target=“_self”>http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></span></div><h2>More Information</h2><div><h3> Prerequisites</h3> <br />If you are running Windows Server 2003 Service Pack 2 (SP2), you must install update 973825 before you install this security update.<br /><br /><span>For more information about update 973825, click the following article number to view the article in the Microsoft Knowledge Base:<br /><br /><div><a href=“https://support.microsoft.com/en-us/help/973825”>973825 </a> Error message when you try to install a large Windows Installer package or a large Windows Installer patch package in Windows Server 2003 Service Pack 2: “Error 1718 File was rejected by digital signature policy”<br /><br /></div></span><h3>Additional information and known issues about this security update</h3><span>For more information about this security update, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/971089”>971089 </a>Description of the update for Microsoft Visual Studio .NET 2003 Service Pack 1: July 28, 2009<br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/971090”>971090 </a>Description of the update for Microsoft Visual Studio 2005 Service Pack 1: July 28, 2009<br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/971091”>971091 </a>Description of the update for Microsoft Visual Studio 2008: July 28, 2009<br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/971092”>971092 </a>Description of the update for Microsoft Visual Studio 2008 Service Pack 1: July 28, 2009<br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973544”>973544 </a> Description of the security update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package: July 28, 2009<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973552”>973552 </a> Description of the security update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package: July 28, 2009<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973551”>973551 </a> <br />Description of the update for Microsoft Visual C++ 2008 Redistributable Package: July 28, 2009<br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973830”>973830 </a> <br />Description of the update for Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools: July 28, 2009<br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973923”>973923 </a> Description of the security update for the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (for previously installed versions): July 28, 2009<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973924”>973924 </a> Description of the security update for the Microsoft Visual C++ 2008 Redistributable Package (for previously installed versions): July 28, 2009<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973673”>973673 </a> MS09-035: Description of the ATL for Smart Devices security update for Visual Studio 2005 Service Pack 1: August 11, 2009<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973674”>973674 </a> MS09-035: Description of the ATL for Smart Devices security update for Visual Studio 2008: August 11, 2009<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973675”>973675 </a> MS09-035: Description of the ATL for Smart Devices security update for Visual Studio 2008 Service Pack 1: August 11, 2009<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/974616”>974616 </a> <br />An update rollup is available for Windows Embedded CE 6.0 (December 2009)<br /></div></span><span>For more information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:<br /><br /><div><a href=“https://support.microsoft.com/en-us/help/974054”>974054 </a> Symbol files (PDBs) are not updated after you install update 971090 or 973830 for Visual Studio 2005 Service Pack 1 or update 971089 for Visual Studio .NET 2003 Service Pack 1<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/974055”>974055 </a> <br />Some DLL files are not updated when you install update 971091 for Visual Studio 2008<br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/973825”>973825 </a> Error message when you try to install a large Windows Installer package or a large Windows Installer patch package in Windows Server 2003 Service Pack 2: “Error 1718 File was rejected by digital signature policy”<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/974479”>974479 </a> You receive a compile error in your ATL project after you install the Windows SDK 6.1 with Visual Studio 2008 Service Pack 1<br /><br /></div></span></div><h2>Additional affected products</h2><div>In addition to the product versions that are specified in the “Applies to” section, this security update is meant to be used with the following products: <br /><br /><ul><li>Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package</li><li>Microsoft Visual C++ 2008 Redistributable Package</li><li>Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools</li><li>Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package</li></ul></div></body></html>