MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through the
Microsoft Active Template Library.

Description :

The remote Windows host contains a version of the Microsoft Active
Template Library (ATL), included as part of Visual Studio or Visual
C++, that is affected by multiple vulnerabilities :

- On systems with components and controls installed that
  were built using Visual Studio ATL, an issue in the ATL
  headers could allow an attacker to force VariantClear
  to be called on a VARIANT that has not been correctly
  initialized and, by supplying a corrupt stream, to
  execute arbitrary code. (CVE-2009-0901)

- On systems with components and controls installed that
  were built using Visual Studio ATL, unsafe usage of
  OleLoadFromStream could allow instantiation of
  arbitrary objects that can bypass related security
  policy, such as kill bits within Internet Explorer.
  (CVE-2009-2493)

- On systems with components and controls installed that
  were built using Visual Studio ATL, an issue in the ATL
  headers could allow a string to be read without a
  terminating NULL character, which could lead to
  disclosure of information in memory. (CVE-2009-2495)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS09-035

Solution :

Microsoft has released a set of patches for Visual Studio .NET 2003,
Visual Studio 2005 and 2008, as well as Visual C++ 2005 and 2008.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 40435

Bugtraq ID: 35828, 35830, 35832

CVE ID: CVE-2009-0901, CVE-2009-2493, CVE-2009-2495