MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.

Synopsis :

Arbitrary code can be executed on the remote host through Microsoft
Office ActiveX controls.

Description :

One or more ActiveX controls included in Microsoft Outlook or Visio
and installed on the remote Windows host was compiled with a version
of Microsoft Active Template Library (ATL) that is affected by
potentially several vulnerabilities :

- An issue in the ATL headers could allow an attacker to
force VariantClear to be called on a VARIANT that has
not been correctly initialized and, by supplying a
corrupt stream, to execute arbitrary code.

- Unsafe usage of 'OleLoadFromStream' could allow
instantiation of arbitrary objects which can bypass
related security policy, such as kill bits within
Internet Explorer. (CVE-2009-2493)

- An attacker who is able to run a malicious component or
control built using Visual Studio ATL can, by
manipulating a string with no terminating NULL byte,
read extra data beyond the end of the string and thus
disclose information in memory. (CVE-2009-2495)

See also :

Solution :

Microsoft has released a set of patches for Microsoft Outlook 2002,
2003, and 2007 as well as Visio Viewer 2007.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 42116 ()

Bugtraq ID: 35828

CVE ID: CVE-2009-0901

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now