(Pwn2Own) ICONICS Genesis64 VariantClear Out-Of-Bounds Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of indexes. The issue results from the lack of proper validation of...

Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free

vbscript: use-after-free in OLEAUT32!VariantClear and scrrun!VBADictionary::putItem CVE-2018-8544 There is a use-after-free vulnerability possibly two vulnerabilities triggerable by the same PoC, see below in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows...

VBScript - OLEAUT32!VariantClear and scrrun!VBADictionary::put_Item Use-After-Free

VBScript - OLEAUT32!VariantClear and scrrun!VBADictionary::putItem Use-After-Free Class class2 Private Sub ClassTerminate var17.RemoveAll End Sub End Class Set var17 = CreateObject"Scripting.Dictionary" Set var17.Item"foo" = new class2 var17.Item"foo" = 1 !--...

Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)

This host is missing a critical security update according to Microsoft Bulletin MS09-035. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)

This host is missing a critical security update according to Microsoft Bulletin MS09-035. OpenVAS Vulnerability Test $Id: secpodms09-035.nasl 6517 2017-07-04 13:34:20Z cfischer $ Microsoft Visual Studio ATL Remote Code Execution Vulnerability 969706 Authors: Sharath S Copyright: Copyright c 2009...

Visual Studio Active Template Library uninitialized object

Added: 07/30/2009 CVE: CVE-2009-0901 BID: 35832 OSVDB: 56696 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

Visual Studio Active Template Library uninitialized object

Added: 07/30/2009 CVE: CVE-2009-0901 BID: 35832 OSVDB: 56696 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

The remote Windows host contains a version of the Microsoft Active Template Library ATL, included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL...

CVE-2009-0901

The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantCle...

Design/Logic Flaw

The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantCle...

CVE-2009-0901

The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantCle...

Microsoft Visual Studio ATL 'VariantClear()'远程代码执行漏洞

Bugraq ID: 35832 CVE ID：CVE-2009-0901 CNCVE ID：CNCVE-20090901 Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。 Microsoft活动模版库ATL处理ATL头字段存在问题，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 ATL头字段存在的一个错误允许攻击者对未正确初始化的VARIANT进行VariantClear调用，基于此攻击者可以提供破坏的流触发错误处理过程中来调用VariantClear而控制整个流程。此漏洞只影响安装了使用Visual Studio...