Visual Studio Active Template Library object type mismatch vulnerability

2009-08-24T00:00:00
ID SAINT:3EFA8C4F9B16658AAF5A7859811A4C71
Type saint
Reporter SAINT Corporation
Modified 2009-08-24T00:00:00

Description

Added: 08/24/2009
CVE: CVE-2009-2494
BID: 35982
OSVDB: 56910

Background

Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library (ATL), which is a set of template-based C++ classes, to help simplify the programming of Component Object Model (COM) objects.

Problem

Microsoft ATL allows command execution due to an erroneous free operation after a program reads a variant from a stream and deletes this variant.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-037.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-037.mspx>

Limitations

Exploit works on Windows XP SP3 and requires a user to open the exploit page in Internet Explorer 6.

On the target machine, "Initialize and Script ActiveX controls not marked as safe" must be enabled in the Security Settings for Internet Explorer.

Platforms

Windows XP