SecurityTracker.com
Category:   OS (Microsoft)  >   Windows DLL (Any)
Vendors:   Microsoft
Microsoft Active Template Library (ATL) Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022712
SecurityTracker URL:  http://securitytracker.com/id/1022712
CVE Reference:   CVE-2008-0020, CVE-2009-2494
Date:  Aug 11 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP2, 2008 SP2; and prior service packs
Description:   Two vulnerabilities were reported in Microsoft Active Template Library (ATL). A remote user can cause arbitrary code to be executed on the target user's system. Several products and components that use ATL are affected.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an error in the Load method of the IPersistStreamInit interface to invoke a memcopy with user-supplied data, causing arbitrary code to be executed [CVE-2008-0020]. The code will run with the privileges of the target user.

Robert Freeman of IBM ISS X-Force reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory free error and execute arbitrary code on the target system [CVE-2009-2494]. The code will run with the privileges of the target user.

Ryan Smith of VeriSign iDefense Labs reported this vulnerability.

Affected components include Microsoft Outlook Express, Windows Media Player, the DHTML Editing Component ActiveX Control, the Microsoft MSWebDVD ActiveX Control, and the Windows ATL Component.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4, Microsoft Outlook Express 5.5 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6f9fcbe9-8496-4d23-8a16-b334157688c2

Microsoft Windows 2000 Service Pack 4, Windows Media Player 9:

http://www.microsoft.com/downloads/details.aspx?familyid=bd7c9fc4-61cb-4c23-9961-6d63f234731c

Microsoft Windows 2000 Service Pack 4, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=c773149a-f4fc-486a-b718-6b8ff7a36ae2

Microsoft Windows 2000 Service Pack 4, DHTML Editing Component ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=223e25d2-83d7-4cb7-85c4-46a42b8110e0

Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft Outlook Express 6:

http://www.microsoft.com/downloads/details.aspx?familyid=c67b5506-00ea-47cc-a0e8-897057b7380c

Windows XP Service Pack 2, Windows Media Player 9, Windows Media Player 10, and Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=34b2b14d-5811-4635-ba83-f837dcb03d04

Windows XP Service Pack 3, Windows Media Player 9:

http://www.microsoft.com/downloads/details.aspx?familyid=ec84c98b-6bc7-442f-9280-d6e204280b2f

Windows XP Service Pack 3, Windows Media Player 10, and Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=ec84c98b-6bc7-442f-9280-d6e204280b2f

Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=4b4c6fc5-e8e6-4d89-a181-e231240468f9

Windows XP Service Pack 2 and Windows XP Service Pack 3, DHTML Editing Component ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=bdfcd0c3-7c18-4e63-91dd-d8f82cd89592

Windows XP Service Pack 2 and Windows XP Service Pack 3, Microsoft MSWebDVD ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=8b71bcc9-5146-4afc-8847-0af21d7fad36

Windows XP Professional x64 Edition Service Pack 2, Microsoft Outlook Express 6:

http://www.microsoft.com/downloads/details.aspx?familyid=ede1a73a-e303-435e-a2c7-0281ce2370da

Windows XP Professional x64 Edition Service Pack 2, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?familyid=bb98187a-8db9-47e4-88ac-15544c5268f6

Windows XP Professional x64 Edition Service Pack 2, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=9e8b9027-4407-4c31-a2ba-9e094557d467

Windows XP Professional x64 Edition Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=2f2b93fc-f977-4f23-af90-c27f744fad0a

Windows XP Professional x64 Edition Service Pack 2, DHTML Editing Component ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=d04a6959-41a4-4a87-b3ad-7455d8fe8b99

Windows XP Professional x64 Edition Service Pack 2, Microsoft MSWebDVD ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=85b2dcdb-cea9-4c4a-8ebd-50264e781ade

Windows Server 2003 Service Pack 2, Microsoft Outlook Express 6:

http://www.microsoft.com/downloads/details.aspx?familyid=3119ab1e-6729-40a1-b28f-0dab50502be6

Windows Server 2003 Service Pack 2, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?familyid=ab054890-983b-4414-ad0a-da1b2d2a4895

Windows Server 2003 Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=7d9369b5-0c54-4c17-bc62-fba0a7b4728c

Windows Server 2003 Service Pack 2, DHTML Editing Component ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=bfc474c2-e3c5-40df-85d4-4ac666ff0561

Windows Server 2003 Service Pack 2, Microsoft MSWebDVD ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=301ad191-8d3f-41d3-b41c-e2e863893f73

Windows Server 2003 x64 Edition Service Pack 2, Microsoft Outlook Express 6:

http://www.microsoft.com/downloads/details.aspx?familyid=17bd00e3-810c-4a72-bd13-1b55ffb52a5e

Windows Server 2003 x64 Edition Service Pack 2, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?familyid=5890233a-d8f7-490c-8bf5-3ed4bd1c6991

Windows Server 2003 x64 Edition Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=90e0e014-ed7e-498a-9f61-18bb09a384b3

Windows Server 2003 x64 Edition Service Pack 2, DHTML Editing Component ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=9f502d79-99a8-45dc-9876-2df27e14ffaa

Windows Server 2003 x64 Edition Service Pack 2, Microsoft MSWebDVD ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=2ae71a65-5eee-4dd2-bc79-b7c5a73022bc

Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Outlook Express 6:

http://www.microsoft.com/downloads/details.aspx?familyid=7978b921-c5b5-461f-a284-b9848f568aa9

Windows Server 2003 with SP2 for Itanium-based Systems, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=ad1791b3-8553-4433-a9f7-8b4f857665be

Windows Server 2003 with SP2 for Itanium-based Systems, DHTML Editing Component ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=82c0bb02-70ad-4605-a1f4-4698adf9f4ac

Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft MSWebDVD ActiveX Control:

http://www.microsoft.com/downloads/details.aspx?familyid=5b8a8958-c3cd-4b24-85a2-1baacf92d218

Windows Vista, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=3766aed9-93f5-478e-a5bf-b7ee0b577088

Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=3766aed9-93f5-478e-a5bf-b7ee0b577088

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=80de158d-157e-4c21-9154-c1dbd6e57cb3

Windows Vista x64 Edition, Windows Vista, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=64edbd64-9faa-4f54-b0d5-836c683ca7cd

Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=64edbd64-9faa-4f54-b0d5-836c683ca7cd

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=82940d30-6a30-47ca-b184-2ac96e35c294

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=85d9e69f-99a2-467f-bf37-4b47466a12d4

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=ba423491-6c29-49f2-811b-ac3f9bbc58fc

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?familyid=9501c8c2-a526-4661-8cba-7847bace1aa0

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=b9311953-889a-415f-a396-250a005e95cd

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows ATL Component:

http://www.microsoft.com/downloads/details.aspx?familyid=e5612bb4-5f37-4b38-bd2e-f198c413371c

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-037.mspx
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC