Definition
New Search
ATL Null String Vulnerability
oval:org.mitre.oval:def:6305
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1 Visual Studio 2005 SP1 and 2008 Gold and SP1 and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read related to ATL headers and buffer allocation aka "ATL Null String Vulnerability."
Family:
windows
Status:
DEPRECATED
Platform(s):
- Microsoft Windows Vista
- Microsoft Windows Server 2003
- Microsoft Windows 2000
- Microsoft Windows Server 2008
- Microsoft Windows XP
Class:
vulnerability
Reference(s):
- CVE-2009-2495
Product(s):
- Microsoft Visual Studio .NET 2003
- Microsoft Visual Studio 2005
- Microsoft Visual C++ 2005 Redistributable Package
- Microsoft Visual Studio 2008
- Microsoft Visual C++ 2008 Redistributable Package