String Termination Vulnerability in Microsoft Visual Studio and Visual C++
CVE-2009-2495

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual C\+\+; Visual Studio .net; Visual Studio
Vendor: CVE Published:; 29 July 2009

What is CVE-2009-2495?

The Active Template Library (ATL) in various versions of Microsoft Visual Studio and Visual C++ fails to enforce proper string termination. This oversight allows remote attackers to exploit a crafted HTML document containing an ATL component or control, leading to a buffer over-read. This vulnerability is primarily related to ATL headers and buffer allocation, potentially exposing sensitive information to unauthorized users.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://www.vupen.com/english/advisories/2009/2034

vdb-entryx_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

42% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2009
Vulnerability Reserved
Jul 17, 2009