New Search

ATL Uninitialized Object Vulnerability

oval:org.mitre.oval:def:7581

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1 Visual Studio 2005 SP1 and 2008 Gold and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4 XP SP2 and SP3 Server 2003 SP2 Vista Gold SP1 and SP2 and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control related to ATL headers and error handling aka "ATL Uninitialized Object Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2009-0901
Product(s):
  • Microsoft Outlook Express 5.5
  • Microsoft Outlook Express 6.0
  • Windows Media Player 11
  • Microsoft Visual C++ 2005 Redistributable Package
  • Microsoft Visual C++ 2008 Redistributable Package
  • Microsoft Office Visio Viewer 2003
  • Microsoft Visio Viewer 2002
  • Microsoft Visual Studio 2008
  • Microsoft Office Visio Viewer 2007
  • Microsoft Outlook 2002
  • Microsoft Outlook 2007
  • Windows Media Player 9
  • Microsoft Visual Studio .NET 2003
  • Windows Media Player 10
  • Microsoft Visual Studio 2005
  • Microsoft Outlook 2003