The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

One or more ActiveX controls included in Microsoft Outlook or Visio and installed on the remote Windows host was compiled with a version of Microsoft Active Template Library (ATL) that is affected by potentially several vulnerabilities :

  - An issue in the ATL headers could allow an attacker to     force VariantClear to be called on a VARIANT that has     not been correctly initialized and, by supplying a     corrupt stream, to execute arbitrary code.
    (CVE-2009-0901)

  - Unsafe usage of 'OleLoadFromStream' could allow     instantiation of arbitrary objects which can bypass     related security policy, such as kill bits within     Internet Explorer. (CVE-2009-2493)

  - An attacker who is able to run a malicious component or     control built using Visual Studio ATL can, by     manipulating a string with no terminating NULL byte,     read extra data beyond the end of the string and thus     disclose information in memory. (CVE-2009-2495)

The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities :

  - On systems with components and controls installed that     were built using Visual Studio ATL, an issue in the ATL     headers could allow an attacker to force VariantClear     to be called on a VARIANT that has not been correctly     initialized and, by supplying a corrupt stream, to     execute arbitrary code. (CVE-2009-0901)

  - On systems with components and controls installed that     were built using Visual Studio ATL, unsafe usage of     OleLoadFromStream could allow instantiation of     arbitrary objects that can bypass related security     policy, such as kill bits within Internet Explorer.
    (CVE-2009-2493)

  - On systems with components and controls installed that     were built using Visual Studio ATL, an issue in the ATL     headers could allow a string to be read without a     terminating NULL character, which could lead to     disclosure of information in memory. (CVE-2009-2495)

The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.0.601. Such versions were compiled against a version of Microsoft's Active Template Library (ATL) that contained a vulnerability. If an attacker can trick a user of the affected software into opening such a file, this issue could be leveraged to execute arbitrary code with the privileges of that user.

ID	Name	Product	Family	Severity
42116	MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)	Nessus	Windows : Microsoft Bulletins	high
40435	MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)	Nessus	Windows : Microsoft Bulletins	high
40421	Shockwave Player < 11.5.0.601 Multiple Vulnerabilities (APSB09-11)	Nessus	Windows	high

Detections

Analytics

CVE-2009-2495

high

Tenable Plugins

high

high

high