Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1022610 |
SecurityTracker URL: http://securitytracker.com/id/1022610
|
CVE Reference:
CVE-2009-0901, CVE-2009-2493, CVE-2009-2495
|
Updated: Dec 8 2009
|
Original Entry Date: Jul 28 2009
|
Impact:
Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): .NET 2003 SP1, 2005 SP1, 2008 SP1; and prior service packs
|
Description:
Several vulnerabilities were reported in Microsoft Visual Studio. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a flaw in the Microsoft Active Template Library (ATL) and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted ATL header can cause the VariantClear() function to be called on an incorrectly initialized VARIANT [CVE-2009-0901].
A specially crafted ATL header can invoke OleLoadFromStream() to instantiate arbitrary objects that can bypass related security policy [CVE-2009-2493].
A specially crafted string without a terminating NULL character may allow a remote user to obtain potentially sensitive information [CVE-2009-2495].
David Dewey of IBM ISS X-Force reported one of the vulnerabilities. Ryan Smith of VeriSign iDefense Labs reported the other two vulnerabilities.
|
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system or access potentially sensitive information on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Microsoft Visual Studio .NET 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=63ce454e-f69c-44e3-89fb-eb23c2e2154e
Microsoft Visual Studio 2005 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=7c8729dc-06a2-4538-a90d-ff9464dc0197
Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools:
http://www.microsoft.com/downloads/details.aspx?familyid=43f96f2a-69c6-4c5e-b72c-0edfa35f4fc2
Microsoft Visual Studio 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd-469d-baea-a4306270462c
Microsoft Visual Studio 2008 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94-49fb-a014-9a38580e64cb
Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2
Microsoft Visual C++ 2008 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4-4b6b-9ac5-687ca0770f93
Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c
A restart may be required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
On August 11, 2009, Microsoft re-released the bulletin to offer new updates for Microsoft Visual Studio 2005 Service Pack 1 (KB973673), Microsoft Visual Studio 2008 (KB973674), and Microsoft Visual Studio 2008 Service Pack 1 (KB973675), for developers who use Visual Studio to create components and controls for mobile applications using ATL for Smart Devices.
On August 11, 2009, Microsoft issued a fix (MS09-037) for the underlying Active Template Library vulnerability [CVE-2009-0901, CVE-2009-2493], described in the vendor's advisory at:
http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx
On October 13, 2009, Microsoft issued a fix (MS09-055) that sets the killbit for CVE-2009-2493 on several Microsoft Windows operating systems, described in the vendor's advisory at:
http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx
On October 13, 2009, Microsoft issued a fix (MS09-060) for Microsoft Office, described in the vendor's advisory at:
http://www.microsoft.com/technet/security/Bulletin/MS09-060.mspx
On December 8, 2009, Microsoft issued a fix (MS09-072) for CVE-2009-2493 for Microsoft Internet Explorer, described in the vendor's advisory at:
http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms09-035.mspx
|
Cause:
Access control error
|
Underlying OS: Windows (Any)
|