Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11914
HistoryJul 29, 2009 - 12:00 a.m.

Microsoft Visual Studio ATL COM对象远程代码执行漏洞

2009-07-2900:00:00
Root
www.seebug.org
13

0.641 Medium

EPSS

Percentile

97.6%

JSON

Bugraq ID: 35828
CVE ID:CVE-2009-2493

Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。
Microsoft活动模版库(ATL)处理数据流对象实例化时ATL头存在错误,远程攻击者可以利用漏洞绕过IE等Kill-bits安全策略,并导致任意代码执行。
此漏洞只影响安装了使用Visual Studio ATL的组件和控件的系统。如果组件或控件使用ATL,不安全使用OleLoadFromStream允许任意对象实例化,可绕过相关的安全策略,如 Internet Explorer的Kill bits位。远程攻击者可以构建恶意WEB页,诱使用户打开来执行任意代码。

Microsoft Visual Studio 2008 SP1
Microsoft Visual Studio 2008 0
Microsoft Visual Studio 2005 Team Edition for Testers 0
Microsoft Visual Studio 2005 Team Edition for Developers 0
Microsoft Visual Studio 2005 Team Edition for Architects 0
Microsoft Visual Studio 2005 Team Edition 0
Microsoft Visual Studio 2005 Standard Edition 0
Microsoft Visual Studio 2005 Professional Edition 0
Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1
Microsoft Visual Studio 2005 SP1
Microsoft Visual Studio .NET 2003

Related

securityvulns 9
mskb 3
prion 1
nessus 20
cve 1
checkpoint_advisories 4
openvas 14
cert 1
f5 1
threatpost 1
freebsd 1
suse 3
securityvulns
securityvulns
Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525)
2009-10-13 00:00:00
iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability
2009-08-20 00:00:00
Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
2009-07-29 00:00:00
mskb
mskb
MS09-055: Cumulative Security Update of ActiveX Kill Bits
2020-04-13 02:02:28
MS09-035: Vulnerabilities in Visual Studio Active Template Libraries could allow remote code execution
2018-04-17 20:27:28
MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) could allow remote code execution
2019-11-06 02:17:02
prion
prion
Design/Logic Flaw
2009-07-29 17:30:00
nessus
nessus
MS09-055: Cumulative Security Update of ActiveX Kill Bits (973525)
2009-10-13 00:00:00
MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
2009-07-30 00:00:00
MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
2009-10-14 00:00:00
cve
cve
CVE-2009-2493
2009-07-29 17:30:00
checkpoint_advisories
checkpoint_advisories
Microsoft Outlook View ActiveX Controls Remote Code Execution (MS09-055; CVE-2009-2493)
2009-10-01 00:00:00
Microsoft ATL Multiple ActiveX Remote Code Executions (MS09-037; CVE-2008-0020; CVE-2009-2493; CVE-2009-2494)
2009-09-08 00:00:00
Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
2009-07-13 00:00:00
openvas
openvas
Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
2009-10-14 00:00:00
Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
2009-10-14 00:00:00
Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
2009-08-03 00:00:00
cert
cert
ActiveX controls built with Microsoft ATL fail to properly handle initialization data
2009-07-28 00:00:00
f5
f5
SOL10441 - Microsoft Active Template Library (ATL) vulnerabilities VU#456745
2009-08-17 00:00:00
threatpost
threatpost
OpenOffice Zaps Six Security Bugs
2010-02-18 15:09:26
freebsd
freebsd
openoffice.org -- multiple vulnerabilities
2006-08-24 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm
2009-11-04 15:26:34
remote code execution in java-1_5_0-ibm
2010-01-12 09:21:12
remote code execution in flash-player
2009-08-05 14:55:37

0.641 Medium

EPSS

Percentile

97.6%

JSON
Related for SSV:11914
securityvulns9mskb3prion1nessus20cve1checkpoint_advisories4openvas14cert1f51threatpost1freebsd1suse3