String Termination Vulnerability in Microsoft Visual Studio and Visual C++
CVE-2009-2495

Currently unrated

Key Information:

Vendor

Microsoft
Status
Visual C\+\+
Visual Studio .net
Visual Studio
Vendor
CVE Published:
29 July 2009

What is CVE-2009-2495?

The Active Template Library (ATL) in various versions of Microsoft Visual Studio and Visual C++ fails to enforce proper string termination. This oversight allows remote attackers to exploit a crafted HTML document containing an ATL component or control, leading to a buffer over-read. This vulnerability is primarily related to ATL headers and buffer allocation, potentially exposing sensitive information to unauthorized users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...
vendor-advisoryx_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/2034
vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.