Lucene search

K
nvd[email protected]NVD:CVE-2009-2495
HistoryJul 29, 2009 - 5:30 p.m.

CVE-2009-2495

2009-07-2917:30:01
CWE-200
web.nvd.nist.gov
10

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.085

Percentile

94.6%

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka β€œATL Null String Vulnerability.”

Affected configurations

Nvd
Node
microsoftvisual_c\+\+Match2005sp1_redistribution_pkg
OR
microsoftvisual_c\+\+Match2008redistribution_pkg
OR
microsoftvisual_c\+\+Match2008sp1_redistribution_pkg
OR
microsoftvisual_studioMatch2005sp1
OR
microsoftvisual_studioMatch2005sp164_bit_hosted_visual_c\+\+_tools
OR
microsoftvisual_studioMatch2008
OR
microsoftvisual_studioMatch2008sp1
OR
microsoftvisual_studio_.netMatch2003sp1
VendorProductVersionCPE
microsoftvisual_c\+\+2005cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*
microsoftvisual_c\+\+2008cpe:2.3:a:microsoft:visual_c\+\+:2008:redistribution_pkg:*:*:*:*:*:*
microsoftvisual_c\+\+2008cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*
microsoftvisual_studio2005cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
microsoftvisual_studio2005cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\+\+_tools:*:*:*:*:*
microsoftvisual_studio2008cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
microsoftvisual_studio2008cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
microsoftvisual_studio_.net2003cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*

References

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.085

Percentile

94.6%