Content

(MS09-060) ATL Uninitialized Object Vulnerability (973965)

Type
Logic error
Impact of exploitation
Remote Code Execution
User Interaction
user interaction is needed
Attack Vector
Website with malicious content
Rating
Medium
CVE reference
CVE-2009-0901,
Vendor Status
Responded and patched
Vulnerable systems
Visual Studio .Net  2003,
Visual Studio .Net  2005,
Visual Studio .NET  2008,
Visual C++  2005,
Visual C++  2008,
Summary
A vulnerability in Microsoft Visual Studio & Visual C++ may allow remote code execution.

Tab Navigation

Description

A vulnerability in Microsoft Visual Studio & Visual C++ may allow remote code execution. The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-035) Microsoft Visual Studio ATL Uninitialized Object Vulnerability (969706)
Signature identifier:
6901
Release date:
7/28/2009
McAfee Foundstone
Signature:
(MS09-060) ATL Uninitialized Object Vulnerability (973965)
Signature identifier:
7207
Release date:
10/13/2009
McAfee Intrushield
Signature:
HTTP: Microsoft Visual Studio ATL Uninitialized Object Vulnerability
Signature identifier:
0x40264900
Release date:
7/6/2009
First released in:
UDS and 4.1.55.4, 5.1.25.4
McAfee Host IPS
Signature:
Generic Buffer Overflow Protection

The Remedy V-Flash of 7/14/2009 contains remedies for Windows. Windows 2008 is currently not supported.

Release date:
7/14/2009

The V-Flash of October 14th will contain remedies for Office.

Signature:
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965
Signature identifier:
98961
Release date:
10/14/2009

Additional Resources

Microsoft Security Advisory (973882) Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/973882.mspx

Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

Microsoft Security Bulletin Advance Notification for July 2009

http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx

Microsoft Security Bulletin MS09-060 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx

All Information

Timeline -

10/13/2009

Vendor has provided a patch.

7/28/2009

Vendor has provided a patch.

7/28/2009

Vendor has provided a patch.

7/24/2009

Vendor has provided information on the vulnerability.

Description -

A vulnerability in Microsoft Visual Studio & Visual C++ may allow remote code execution. The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-035) Microsoft Visual Studio ATL Uninitialized Object Vulnerability (969706)
Signature identifier:
6901
Release date:
7/28/2009
McAfee Foundstone
Signature:
(MS09-060) ATL Uninitialized Object Vulnerability (973965)
Signature identifier:
7207
Release date:
10/13/2009
McAfee Intrushield
Signature:
HTTP: Microsoft Visual Studio ATL Uninitialized Object Vulnerability
Signature identifier:
0x40264900
Release date:
7/6/2009
First released in:
UDS and 4.1.55.4, 5.1.25.4
McAfee Host IPS
Signature:
Generic Buffer Overflow Protection

The Remedy V-Flash of 7/14/2009 contains remedies for Windows. Windows 2008 is currently not supported.

Release date:
7/14/2009

The V-Flash of October 14th will contain remedies for Office.

Signature:
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965
Signature identifier:
98961
Release date:
10/14/2009

Additional Resources

Additional Resources -

Microsoft Security Advisory (973882) Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/973882.mspx

Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

Microsoft Security Bulletin Advance Notification for July 2009

http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx

Microsoft Security Bulletin MS09-060 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx