McAfee > Theat Center > Vulnerability Detail Page

Timeline

10/13/2009

Vendor has provided a patch.

Description

Cumulative Security Update of ActiveX Kill Bits (973525) The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker exploiting this vulnerability could gain the same user rights as the logged on user.

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx

McAfee Product Mitigation

McAfee Foundstone

Signature:

(MS09-055) ATL COM Initialization Vulnerability ActiveX Kill Bits (973525)

Signature identifier:

7198

Release date:

10/13/2009

McAfee Intrushield

Signature:

HTTP: Microsoft ATL COM Initialization Vulnerability ActiveX Kill Bits

Signature identifier:

0x40268900

Release date:

10/13/2009

First released in:

4.1.59, 5.1.29

McAfee Intrushield

Signature:

HTTP: Microsoft ATL COM Initialization Vulnerability ActiveX Kill Bits II

Signature identifier:

0x40268A00

Release date:

10/13/2009

First released in:

4.1.59, 5.1.29

McAfee Host IPS

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee Host IPS

Signature:

Suspicious ActiveX Control Instantiation by Internet Explorer (Oct. '09)

Signature identifier:

2236

Release date:

10/13/2009

First released in:

2925

Signature:

(MS09-055) ATL COM Initialization Vulnerability ActiveX Kill Bits (973525)

Signature identifier:

7198

Release date:

10/14/2009

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

The V-Flash of October 14th will contain remedies for this issue.

Signature:

MS09-055 - Cumulative Security Update of ActiveX Kill Bits (973525)

Signature identifier:

99033

Release date:

10/14/2009

Additional Resources

(MS09-055) ATL COM Initialization Vulnerability (973965)

http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx

All Information

Timeline -

10/13/2009

Vendor has provided a patch.

Description -

Cumulative Security Update of ActiveX Kill Bits (973525) The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker exploiting this vulnerability could gain the same user rights as the logged on user.

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx

McAfee Product Mitigation

McAfee Foundstone

Signature:

(MS09-055) ATL COM Initialization Vulnerability ActiveX Kill Bits (973525)

Signature identifier:

7198

Release date:

10/13/2009

McAfee Intrushield

Signature:

HTTP: Microsoft ATL COM Initialization Vulnerability ActiveX Kill Bits

Signature identifier:

0x40268900

Release date:

10/13/2009

First released in:

4.1.59, 5.1.29

McAfee Intrushield

Signature:

HTTP: Microsoft ATL COM Initialization Vulnerability ActiveX Kill Bits II

Signature identifier:

0x40268A00

Release date:

10/13/2009

First released in:

4.1.59, 5.1.29

McAfee Host IPS

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee Host IPS

Signature:

Suspicious ActiveX Control Instantiation by Internet Explorer (Oct. '09)

Signature identifier:

2236

Release date:

10/13/2009

First released in:

2925

Signature:

(MS09-055) ATL COM Initialization Vulnerability ActiveX Kill Bits (973525)

Signature identifier:

7198

Release date:

10/14/2009

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

The V-Flash of October 14th will contain remedies for this issue.

Signature:

MS09-055 - Cumulative Security Update of ActiveX Kill Bits (973525)

Signature identifier:

99033

Release date:

10/14/2009

Additional Resources

Additional Resources -

(MS09-055) ATL COM Initialization Vulnerability (973965)

http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx