Remote Code Execution in Microsoft Visual Studio Components and Windows OS
CVE-2009-0901

Currently unrated

What is CVE-2009-0901?

A vulnerability exists in the Active Template Library (ATL) of Microsoft Visual Studio and Windows operating systems. ATL does not adequately handle calls to VariantClear on an uninitialized VARIANT. An attacker could exploit this flaw by sending a malformed data stream to an ATL component or control, which may lead to the execution of arbitrary code on the vulnerable system. A successful exploit can compromise user data and extend the attack to other networked systems.

EPSS Score

67% chance of being exploited in the next 30 days.
