CVE-2009-2495

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual C\+\+; Visual Studio .net; Visual Studio
Vendor: CVE Published:; 29 July 2009

Summary

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://www.vupen.com/english/advisories/2009/2034

vdb-entryx_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 29, 2009
Vulnerability Reserved
Jul 17, 2009

Collectors

NVD DatabaseMitre Database