SAINT Corporation
SAINT:8FBDF77614BE31A34B6C4E1E6703BBDA
Jul 30, 2009 - 12:00 a.m.

Visual Studio Active Template Library uninitialized object

2009-07-30 00:00:00
SAINT Corporation
download.saintcorporation.com
10

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.945 High
Percentile: 99.2%

Added: 07/30/2009
CVE: CVE-2009-0901
BID: 35832
OSVDB: 56696

Background

Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library (ATL), which is a set of template-based C++ classes, to help simplify the programming of Component Object Model (COM) objects.

Problem

A flaw in the way the Microsoft Active Template Library (ATL) handles certain ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized, leading to command execution when a user opens a specially crafted web page.
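
Why clearing an uninitialized VARIANT is dangerous, shown as an added example (a portable model of the bug class, not ATL, Windows, or SAINT code). `ModelVariant`, `load_variant` and `cleanup_after_failed_load` are hypothetical names, the stale bytes are constructed, and only the tag values follow the documented VARENUM constants.

```cpp
// Added illustration: a portable model of the VARIANT lifecycle, not ATL or Windows code.
#include <cstddef>
#include <cstdint>
#include <cstring>

// Tag values match the documented VARENUM constants.
enum : uint16_t { VT_EMPTY = 0, VT_BSTR = 8, VT_DISPATCH = 9, VT_UNKNOWN = 13 };

struct ModelVariant {   // simplified stand-in for VARIANT
    uint16_t  vt;       // type tag that drives cleanup
    uintptr_t ptr;      // string or interface pointer
};

enum class Cleanup { None, FreeString, CallRelease };

// What a VariantClear-style routine decides purely from the tag.
// The model reports the action instead of performing it.
Cleanup clear_action(const ModelVariant& v) {
    switch (v.vt) {
        case VT_BSTR:     return Cleanup::FreeString;   // would free v.ptr
        case VT_DISPATCH:
        case VT_UNKNOWN:  return Cleanup::CallRelease;  // would call Release through v.ptr
        default:          return Cleanup::None;
    }
}

// VariantInit analogue: after this, clearing is a no-op.
void model_init(ModelVariant& v) { v.vt = VT_EMPTY; v.ptr = 0; }

// Hypothetical loader that can fail before writing anything to `out`.
bool load_variant(const uint8_t* data, std::size_t len, ModelVariant& out) {
    if (len < sizeof out.vt + sizeof out.ptr) return false;  // early error path
    std::memcpy(&out.vt, data, sizeof out.vt);
    std::memcpy(&out.ptr, data + sizeof out.vt, sizeof out.ptr);
    return true;
}

// `stale` stands in for whatever bytes already occupy the variable's storage.
Cleanup cleanup_after_failed_load(ModelVariant stale, bool init_first) {
    ModelVariant v = stale;
    if (init_first) model_init(v);      // hardened form: initialize before any fallible step
    const uint8_t truncated[1] = {0};   // constructed input, too short to parse
    if (!load_variant(truncated, sizeof truncated, v))
        return clear_action(v);         // error path clears the variant
    return Cleanup::None;
}
```

Without the initialization step the cleanup action depends entirely on leftover memory; with it, the error path is inert.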

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-035.

References

<http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx>

Limitations

The exploit works on Microsoft Visual Studio 2005 and requires a user to load the exploit page in Internet Explorer 6 or 7. For the exploit to succeed, Internet Explorer must have the option “Initialize and script ActiveX controls not marked as safe” set to “Enable”, because the affected ActiveX control is marked not safe. Also note that, due to the nature of the vulnerability, the exploit only works when the exploit server is specified as an IP address rather than a host/domain name.

Platforms

Windows XP
