ATL COM Initialization Remote Vulnerability
Gravità: : Critico
CVE Identifier: CVE-2009-2493,MS09-060,MS09-055,MS09-072,MS09-037,MS09-035
Data notifica: 21 luglio 2015
Descrizione
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1003764
Trend Micro Deep Security DPI Rule Name: 1003764 - ATL COM Initialization Vulnerability - ActiveX
Software e versione interessati:
- microsoft visual_c++ 2005
- microsoft visual_c++ 2008
- microsoft visual_studio 2005
- microsoft visual_studio 2008
- microsoft visual_studio_.net 2003