How to Buy
This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through Microsoft
Active Template Library.
The remote Windows host contains a version of the Microsoft Active
Template Library (ATL), included as part of Visual Studio or Visual C++,
that is affected by multiple vulnerabilities :
- A remote code execution issue affects the Microsoft
Video ActiveX Control due to the a flaw in the function
'CComVariant::ReadFromStream' used in the ATL header,
which fails to properly restrict untrusted data read
from a stream. (CVE-2008-0015)
- A remote code execution issue exists in the Microsoft
Active Template Library due to an error in the 'Load'
method of the 'IPersistStreamInit' interface, which
could allow calls to 'memcpy' with untrusted data.
- An issue in the ATL headers could allow an attacker to
force VariantClear to be called on a VARIANT that has
not been correctly initialized and, by supplying a
corrupt stream, to execute arbitrary code.
- Unsafe usage of 'OleLoadFromStream' could allow
instantiation of arbitrary objects which can bypass
related security policy, such as kill bits within
Internet Explorer. (CVE-2009-2493)
- A bug in the ATL header could allow reading a variant
from a stream and leaving the variant type read with
an invalid variant, which could be leveraged by an
attacker to execute arbitrary code remotely.
See also :
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.4
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 40556 ()
Bugtraq ID: 3555835585358283583235982
CVE ID: CVE-2008-0015CVE-2008-0020CVE-2009-0901CVE-2009-2493CVE-2009-2494
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.