Arbitrary code can be executed on the remote host through Microsoft
Active Template Library.
The remote Windows host contains a version of the Microsoft Active
Template Library (ATL), included as part of Visual Studio or Visual C++,
that is affected by multiple vulnerabilities :
- A remote code execution issue affects the Microsoft
Video ActiveX Control due to the a flaw in the function
'CComVariant::ReadFromStream' used in the ATL header,
which fails to properly restrict untrusted data read
from a stream. (CVE-2008-0015)
- A remote code execution issue exists in the Microsoft
Active Template Library due to an error in the 'Load'
method of the 'IPersistStreamInit' interface, which
could allow calls to 'memcpy' with untrusted data.
- An issue in the ATL headers could allow an attacker to
force VariantClear to be called on a VARIANT that has
not been correctly initialized and, by supplying a
corrupt stream, to execute arbitrary code.
- Unsafe usage of 'OleLoadFromStream' could allow
instantiation of arbitrary objects which can bypass
related security policy, such as kill bits within
Internet Explorer. (CVE-2009-2493)
- A bug in the ATL header could allow reading a variant
from a stream and leaving the variant type read with
an invalid variant, which could be leveraged by an
attacker to execute arbitrary code remotely.
See also :
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true