|
| |
|
Read about spam and spammers in our About Spam section.
|
| | |
|
|
| |
Home / Hackers / About Hackers / Software Vulnerabilities / Examples and Descriptions / SA35967
Microsoft Visual Studio Active Template Library Three Vulnerabilities
| Secunia ID |
SA35967
|
| CVE-ID |
CVE-2009-0901, CVE-2009-2493, CVE-2009-2495
|
| Release Date |
28 Jul 2009
|
| Last Change |
12 Jan 2010
|
| Criticality |
Moderately Critical
Typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction.
This rating is also used for vulnerabilities allowing system compromise on LANs in services like SMB, RPC, NFS, LPD and similar services that are not intended for use over the Internet.
|
| Solution Status |
Vendor Patch
|
| Software |
Microsoft Visual C++ 2005 Redistributable Package (x86)
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools
Microsoft Visual Studio 2008
|
| Where |
From remote
"From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network.
This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.
|
| Impact |
System access
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Security Bypass
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected application.
|
| Description |
Some vulnerabilities have been reported in Microsoft Visual Studio, which can be exploited by malicious people to potentially bypass security features, gain knowledge of sensitive information, or compromise applications built using ATL (Active Template Library). 1) An error in the ATL headers when handling persisted streams can be exploited to cause VariantClear() to be called on a VARIANT that has not been correctly initialised. This can e.g. be exploited to corrupt memory via a web page passing a specially crafted stream to a vulnerable control. Successful exploitation may allow execution of arbitrary code. 2) An error in the ATL headers when handling object instantiation from data streams may allow bypassing of security policies such as kill-bits in Internet Explorer if a control or component uses OleLoadFromStream() in an unsafe manner. 3) An error in ATL may result in a string being read without terminating NULL bytes, which can be exploited to disclose memory contents beyond the end of the string.
|
| Solution |
Apply patches. Microsoft Visual Studio .NET 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=63ce454e-f69c-44e3-89fb-eb23c2e2154e Microsoft Visual Studio 2005 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7c8729dc-06a2-4538-a90d-ff9464dc0197 Microsoft Visual Studio 2005 SP1 64-bit Hosted Visual C++ Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=43f96f2a-69c6-4c5e-b72c-0edfa35f4fc2 Windows Embedded CE 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=99d114f8-4d95-4075-a0f1-45f498f0ade8 Microsoft Visual Studio 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd-469d-baea-a4306270462c Microsoft Visual Studio 2008 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94-49fb-a014-9a38580e64cb Microsoft Visual C++ 2005 SP1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2 Microsoft Visual C++ 2008 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4-4b6b-9ac5-687ca0770f93 Microsoft Visual C++ 2008 SP1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c Microsoft Visual Studio 2005 SP1 when developing mobile applications:
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d7ee45b-9892-41b5-ac08-5fde9cde1b42 Microsoft Visual Studio 2008 when developing mobile applications:
http://www.microsoft.com/downloads/details.aspx?familyid=e3bb6602-b7f4-4614-9999-77f5c6f66ccd Microsoft Visual Studio 2008 SP1 when developing mobile applications:
http://www.microsoft.com/downloads/details.aspx?familyid=75fbf397-5140-4961-92a9-78a88ba7228f NOTE: It is also necessary for developers to rebuild any components and controls created using a vulnerable version of the ATL library.
|
| Reported by |
1) The vendor credits David Dewey, IBM ISS X-Force.
2-3) The vendor credit Ryan Smith, iDefense Labs.
|
| Original Advisory |
MS09-035 (KB969706, KB971089, KB971090, KB971091, KB971092, KB973544, KB973551, KB973552, KB973830, KB973673, KB973674, KB973675):
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx
|
| | |
|
