ATL COM Initialization Remote Vulnerability
Gravité: : Critique
CVE Identifier: CVE-2009-2493,MS09-060,MS09-055,MS09-072,MS09-037,MS09-035
Date du conseil: 21 juillet 2015
Description
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1003764
Trend Micro Deep Security DPI Rule Name: 1003764 - ATL COM Initialization Vulnerability - ActiveX
Affected software and version:
- microsoft visual_c++ 2005
- microsoft visual_c++ 2008
- microsoft visual_studio 2005
- microsoft visual_studio 2008
- microsoft visual_studio_.net 2003