MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through Microsoft
Office ActiveX controls.

Description :

One or more ActiveX controls included in Microsoft Outlook or Visio
and installed on the remote Windows host were compiled with a version
of Microsoft Active Template Library (ATL) that is potentially
affected by several vulnerabilities :

- An issue in the ATL headers could allow an attacker to
force VariantClear to be called on a VARIANT that has
not been correctly initialized and, by supplying a
corrupt stream, to execute arbitrary code.
(CVE-2009-0901)

- Unsafe usage of 'OleLoadFromStream' could allow
instantiation of arbitrary objects which can bypass
related security policy, such as kill bits within
Internet Explorer. (CVE-2009-2493)

- An attacker who is able to run a malicious component or
control built using Visual Studio ATL can, by
manipulating a string with no terminating NULL byte,
read extra data beyond the end of the string and thus
disclose information in memory. (CVE-2009-2495)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS09-060

Solution :

Microsoft has released a set of patches for Microsoft Outlook 2002,
2003, and 2007 as well as Visio Viewer 2007.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 42116

Bugtraq ID: 35828, 35830, 35832

CVE ID: CVE-2009-0901, CVE-2009-2493, CVE-2009-2495