Content
(MS09-060) ATL COM Initialization Vulnerability (973965)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Medium
- CVE reference
- CVE-2009-2493,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows XP SP2,
- Windows XP X64 Professional,
- Windows Server 2003 2003 SP2,
- Windows 2003 Server X64 SP2,
- Windows Vista SP1,
- Windows Vista SP2,
- Windows Vista X64 SP1,
- Windows Server 2008 RTM,
- Windows 7,
- Windows 7 x64,
- Visual Studio .Net 2003 SP1,
- Visual Studio .NET 2008,
- Summary
- A vulnerability in Microsoft Active Template Library (ATL) ActiveX Controls may allow remote code execution.
Tab Navigation
Description
A vulnerability in Microsoft Active Template Library (ATL) ActiveX Controls may allow remote code execution. The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker exploiting this vulnerability could gain the same user rights as the logged on user.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-060) ATL COM Initialization Vulnerability (973965)
- Signature identifier:
- 7206
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft Visual Studio ATL Uninitialized Object Vulnerability
- Signature identifier:
- 0x40264900
- Release date:
- 7/6/2009
- First released in:
- UDS and 4.1.55.4, 5.1.25.4
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
- Signature:
- (MS09-060) ATL COM Initialization Vulnerability (973965)
- Signature identifier:
- 7206
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
The V-Flash of October 14th will contain remedies for this issue.
- Signature:
- Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
- Signature identifier:
- 98961
- Release date:
- 10/14/2009
- Release date:
- 10/14/2009
Additional Resources
(MS09-060) ATL COM Initialization Vulnerability (973965)
http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx
All Information
Timeline -
10/13/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Active Template Library (ATL) ActiveX Controls may allow remote code execution. The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker exploiting this vulnerability could gain the same user rights as the logged on user.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-060) ATL COM Initialization Vulnerability (973965)
- Signature identifier:
- 7206
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft Visual Studio ATL Uninitialized Object Vulnerability
- Signature identifier:
- 0x40264900
- Release date:
- 7/6/2009
- First released in:
- UDS and 4.1.55.4, 5.1.25.4
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
- Signature:
- (MS09-060) ATL COM Initialization Vulnerability (973965)
- Signature identifier:
- 7206
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
The V-Flash of October 14th will contain remedies for this issue.
- Signature:
- Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
- Signature identifier:
- 98961
- Release date:
- 10/14/2009
- Release date:
- 10/14/2009
Additional Resources
Additional Resources -
(MS09-060) ATL COM Initialization Vulnerability (973965)
http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx
