CVE-2009-2493

HIGH

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

References

http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

http://marc.info/?l=bugtraq&m=126592505426855&w=2

http://secunia.com/advisories/35967

http://secunia.com/advisories/36187

http://secunia.com/advisories/36374

http://secunia.com/advisories/36746

http://secunia.com/advisories/38568

http://secunia.com/advisories/41818

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1

http://www.adobe.com/support/security/advisories/apsa09-04.html

http://www.adobe.com/support/security/bulletins/apsb09-10.html

http://www.adobe.com/support/security/bulletins/apsb09-11.html

http://www.adobe.com/support/security/bulletins/apsb09-13.html

http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1

http://www.openoffice.org/security/cves/CVE-2009-2493.html

http://www.us-cert.gov/cas/techalerts/TA09-195A.html

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

http://www.us-cert.gov/cas/techalerts/TA09-342A.html

http://www.vupen.com/english/advisories/2009/2034

http://www.vupen.com/english/advisories/2009/2232

http://www.vupen.com/english/advisories/2010/0366

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716

Details

Source: MITRE

Published: 2009-07-29

Updated: 2018-10-12

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
108811Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)NessusWindows
critical
51731SuSE 10 Security Update : flash-player (ZYPP Patch Number 6386)NessusSuSE Local Security Checks
high
49863SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)NessusSuSE Local Security Checks
high
44922FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46)NessusFreeBSD Local Security Checks
high
5339OpenOffice < 3.2 Multiple VulnerabilitiesNessus Network MonitorGeneric
medium
44597Sun OpenOffice.org < 3.2 Multiple VulnerabilitiesNessusWindows
high
43822SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)NessusSuSE Local Security Checks
high
43599SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)NessusSuSE Local Security Checks
high
43064MS09-072: Cumulative Security Update for Internet Explorer (976325)NessusWindows : Microsoft Bulletins
high
42396SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497)NessusSuSE Local Security Checks
critical
42116MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)NessusWindows : Microsoft Bulletins
high
42111MS09-055: Cumulative Security Update of ActiveX Kill Bits (973525)NessusWindows : Microsoft Bulletins
medium
42001openSUSE 10 Security Update : flash-player (flash-player-6387)NessusSuSE Local Security Checks
high
41392SuSE 11 Security Update : flash-player (SAT Patch Number 1149)NessusSuSE Local Security Checks
high
40556MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)NessusWindows : Microsoft Bulletins
high
40489openSUSE Security Update : flash-player (flash-player-1148)NessusSuSE Local Security Checks
high
40488openSUSE Security Update : flash-player (flash-player-1148)NessusSuSE Local Security Checks
high
40435MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)NessusWindows : Microsoft Bulletins
high
40434Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10)NessusWindows
high
40421Shockwave Player < 11.5.0.601 Multiple Vulnerabilities (APSB09-11)NessusWindows
high