← Back
CVE-2009-0901
high
CVSS 8.8
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
AI summary openai / gpt-4o
Microsoft Visual Studio .NETやVisual C++のActive Template Library (ATL)の脆弱性により、未初期化のVARIANTへのVariantClear呼び出しが不適切に処理され、遠隔からの攻撃者が任意のコードを実行する可能性があります。影響を受けるのは、特定のATLコンポーネントやコントロールを使用するシステムです。
❓ What is the problem
Microsoft Visual StudioとVisual C++のActive Template Library (ATL)における未初期化オブジェクトの脆弱性。
📍 Affected scope
Active Template Library (ATL) が含まれるMicrosoft Visual Studio .NET 2003, 2005, 2008及びWindows 2000, XP, Server 2003, Vista, Server 2008。
🔥 Severity
遠隔から任意のコードが実行される可能性があるため、非常に深刻です。
🔧 How to fix
アドビ社の提供するパッチ http://www.adobe.com/support/security/advisories/apsa09-04.html などを適用して改善。
🛡️ Workaround
情報なし。
🔍 Detection
影響を受けたシステムで未初期化のVARIANTがある場合に確認。
References
- web http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
- web http://marc.info/?l=bugtraq&m=126592505426855&w=2
- web http://secunia.com/advisories/35967
- web http://secunia.com/advisories/36187
- web http://secunia.com/advisories/36374
- web http://secunia.com/advisories/36746
- web http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
- web http://www.adobe.com/support/security/advisories/apsa09-04.html
- web http://www.adobe.com/support/security/bulletins/apsb09-10.html
- web http://www.adobe.com/support/security/bulletins/apsb09-11.html
- web http://www.adobe.com/support/security/bulletins/apsb09-13.html
- web http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
- web http://www.securityfocus.com/bid/35832
- web http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- web http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- web http://www.us-cert.gov/cas/techalerts/TA09-286A.html
- web http://www.vupen.com/english/advisories/2009/2034
- web http://www.vupen.com/english/advisories/2009/2232
- web https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
- web https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
- web https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
- web https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
- web https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
- web https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
- web https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
- web https://nvd.nist.gov/vuln/detail/CVE-2009-0901
- web https://github.com/advisories/GHSA-5q85-2xfh-7gpf