| VID |
26444 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix (MS09-037, 973908) for the Aug. 2009 'Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution' has not been applied. This patch replaces the one that is provided in Microsoft Security Bulletin (MS08-048/26364, MS07-047/936782 , MS05-013/26121), which is itself a cumulative update and resolves newly discovered public vulnerability:
Arbitrary code can be executed on the remote host through Microsoft Active Template Library.
The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities :
- A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function 'CComVariant::ReadFromStream' used in the ATL header, which fails to properly restrict untrusted data read from a stream. (CVE-2008-0015)
- A remote code execution issue exists in the Microsoft Active Template Library due to an error in the 'Load' method of the 'IPersistStreamInit' interface, which could allow calls to 'memcpy' with untrusted data. (CVE-2008-0020)
- An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901)
- Unsafe usage of 'OleLoadFromStream' could allow instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493)
- A bug in the ATL header could allow reading a variant from a stream and leaving the variant type read with an invalid variant, which could be leveraged by an attacker to execute arbitrary code remotely. (CVE-2009-2494)
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx
* Platforms Affected:
In Windows Media Player 11
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Vista
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
In Windows ATL Component
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
In Microsoft Outlook Express 6
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
In Windows Media Player 10
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
In DHTML Editing Component ActiveX Control
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
In Microsoft MSWebDVD ActiveX Control
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2 |
| Recommendation |
Apply the appropriate patch (973908) for your system, as listed in Microsoft Security Bulletin MS09-037 at http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch |
| Related URL |
CVE-2009-1917,CVE-2009-1918,CVE-2009-1919 (CVE) |
| Related URL |
35826,35827,35831 (SecurityFocus) |
| Related URL |
(ISS) |
|
