7 matches found
CVE-2009-0901
CVE-2009-0901 describes a remote code execution vulnerability in Microsoft Active Template Library (ATL) used by Visual Studio and Windows components. The issue arises when ATL headers mishandle uninitialized VARIANTs, allowing a specially crafted stream to trigger VariantClear on an uninitialize...
CVE-2010-3190
CVE-2010-3190 affects the Microsoft Foundation Class (MFC) library used by Visual Studio (2003 SP1; 2005 SP1/2008 SP1/2010) and Exchange Server 2010/2013. Vulnerability arises from untrusted search path loading of dwmapi.dll in the current working directory, enabling local privilege escalation th...
CVE-2009-2493
CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...
CVE-2009-2495
CVE-2009-2495 is part of the ATL mathing family addressed by Microsoft in MS09-035/MS09-060. The vulnerability is the ATL Null String Vulnerability, where an attacker could read memory beyond the end of a string due to improper termination in ATL-based components/controls built with Visual Studio...
CVE-2011-1280
CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...
CVE-2011-1976
CVE-2011-1976 is a cross-site scripting (XSS) vulnerability in the Report Viewer Controls for Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1. Affected component is Microsoft.ReportViewer.WebForms.dll; attacker-controlled input via the TimerMethod URL parameter is incorporated into a ...
CVE-2014-3802
The CVE-2014-3802 issue affects msdia.dll (Microsoft Debug Interface Access Library) in Visual Studio prior to 2013. The root cause is a failure to validate an unspecified variable when calculating a dynamic-call address while parsing PDB files, leading to memory corruption. Impact per sources: r...