OLE Object Instantiation Vulnerability in Microsoft Visual Studio and Windows
CVE-2009-2493

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual C\+\+
Vendor: CVE Published:; 29 July 2009

What is CVE-2009-2493?

The vulnerability resides in the Active Template Library (ATL), which does not securely restrict the use of OleLoadFromStream. This flaw allows attackers to instantiate objects from potentially malicious data streams, enabling the execution of arbitrary code when users open specially crafted HTML documents that contain these ATL components. Proper security measures and restrictions put in place by the software are bypassed, leading to risks of unauthorized access and control over affected systems.

References

http://www.adobe.com/support/security/bulletins/apsb09-11...

x_refsource_CONFIRM

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

28% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2009
Vulnerability Reserved
Jul 17, 2009