SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   Microsoft Visual Studio Vendors:   Microsoft
Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022610
SecurityTracker URL:  http://securitytracker.com/id/1022610
CVE Reference:   CVE-2009-0901, CVE-2009-2493, CVE-2009-2495   (Links to External Site)
Updated:  Dec 8 2009
Original Entry Date:  Jul 28 2009
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): .NET 2003 SP1, 2005 SP1, 2008 SP1; and prior service packs
Description:   Several vulnerabilities were reported in Microsoft Visual Studio. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a flaw in the Microsoft Active Template Library (ATL) and execute arbitrary code on the target system. The code will run with the privileges of the target user.

A specially crafted ATL header can cause the VariantClear() function to be called on an incorrectly initialized VARIANT [CVE-2009-0901].

A specially crafted ATL header can invoke OleLoadFromStream() to instantiate arbitrary objects that can bypass related security policy [CVE-2009-2493].

A specially crafted string without a terminating NULL character may allow a remote user to obtain potentially sensitive information [CVE-2009-2495].

David Dewey of IBM ISS X-Force reported one of the vulnerabilities. Ryan Smith of VeriSign iDefense Labs reported the other two vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system or access potentially sensitive information on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Visual Studio .NET 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=63ce454e-f69c-4
4e3-89fb-eb23c2e2154e

Microsoft Visual Studio 2005 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=7c8729dc-06a2-4538-a90d-ff9464dc0197

Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools:

http://www.microsoft.com/downloads/details.aspx?familyid=43f96f2a-69c6-4c5e-b72c-0edfa3
5f4fc2

Microsoft Visual Studio 2008:

http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd-469d-baea-a4306270462c

Microsoft Visual Studio 2008 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94-49fb-a014-9a38580e64cb

Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package:

http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2

Microsoft Visual C++ 2008 Redistributable Package:

http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4-4b6b-9ac5-687ca0770f93

Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package:

http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

On August 11, 2009, Bulletin re-released their Bulletin to offer new updates for Microsoft Visual Studio 2005 Service Pack 1 (KB973673), Microsoft Visual Studio 2008 (KB973674), and Microsoft Visual Studio 2008 Service Pack 1 (KB973675), for developers who use Visual Studio to create components and controls for mobile applications using ATL for Smart Devices.

On August 11, 2009, Microsoft issued a fix (MS09-037) for the underlying Active Template Library vulnerability [CVE-2009-0901, CVE-2009-2493], described in the vendor's advisory at:

http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx

On October 13, 2009, Microsoft issued a fix (MS09-055) that sets the killbit for CVE-2009-2493 on several Microsoft Windows operating systems, described in the vendor's advisory at:

http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx

On October 13, 2009, Microsoft issued a fix (MS09-060) for Microsoft Office, described in the vendor's advisory at:

http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx

On December 8, 2009, Microsoft issued a fix (MS09-072) for CVE-2009-2493 for Microsoft Internet Explorer, described in the vendor's advisory at:

http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-035.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 28 2009 (Cisco Issues Advisory for Cisco Unity) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Unity 4.x, 5.x, and 7.x.
Jul 29 2009 (Adobe Issues Fix for Shockwave Player) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
Adobe has issued a fix for Shockwave Player for Windows.
Jul 29 2009 (Adobe Issues Fix for Flash Player) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
Adobe has issued a fix for Adobe Flash Player.
Aug 5 2009 (Sun Issues Fix for Sun Java Web Start) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
Sun has issued a fix for JRE/Java Web Start.
Oct 13 2009 (Microsoft Issues Killbit for Windows Operating Systems) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
Microsoft has issued a fix for several Microsoft Windows operating systems.
Oct 13 2009 (Microsoft Issues Fix for Office) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
Microsoft has issued a fix for Microsoft Office.
Dec 8 2009 (Microsot Issues Fix for IE) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
Microsoft has issued a fix for CVE-2009-2493 for Internet Explorer.
Feb 11 2010 (HP Issues Advisory for ProLiant Support) Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
HP has issued an advisory for HP ProLiant Support Pack for Windows.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC