ATL Uninitialized Object Remote Vulnerability
Gravité: : Critique
CVE Identifier: CVE-2009-0901,MS09-035,MS09-037,MS09-060
Date du conseil: 21 juillet 2015
Description
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1006134
Affected software and version:
- microsoft visual_c++ 2005
- microsoft visual_c++ 2008
- microsoft visual_studio 2005
- microsoft visual_studio 2008
- microsoft visual_studio_.net 2003