.

ATL COM Initialization Vulnerability

Posted on December 3rd, 2009 by admin

Description -

A vulnerability in Microsoft Active Template Library (ATL) ActiveX Controls may allow remote code execution. The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka “ATL COM Initialization Vulnerability.” An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker exploiting this vulnerability could gain the same user rights as the logged on user.

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx

McAfee Product Mitigation

McAfee Foundstone
Signature:
(MS09-060) ATL COM Initialization Vulnerability (973965)
Signature identifier:
7206
Release date:
10/13/2009
McAfee Intrushield
Signature:
HTTP: Microsoft Visual Studio ATL Uninitialized Object Vulnerability
Signature identifier:
0×40264900
Release date:
7/6/2009
First released in:
UDS and 4.1.55.4, 5.1.25.4
McAfee Host IPS
Signature:
Generic Buffer Overflow Protection
Signature identifier:
428
Release date:
8/24/2000
First released in:
2.0
Signature:
(MS09-060) ATL COM Initialization Vulnerability (973965)
Signature identifier:
7206
Release date:
10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
Signature:
Generic Buffer Overflow Protection

The V-Flash of October 14th will contain remedies for this issue.

Signature:
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Signature identifier:
98961
Release date:
10/14/2009
Release date:
10/14/2009
 
Posted in ATL COM Initialization Vulnerability

Comments

No comments so far.

Leave a Reply

 
(will not be published)
 
 
 
 
 
Blogroll
Tags

Resources