Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Visual Studio, which can be exploited by malicious people to potentially bypass security features, gain knowledge of sensitive information, or compromise applications built using ATL (Active Template Library).
b02670075578577a8069aaec987f90046f7ed6742f24a80fca341db41be0409a----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Microsoft Visual Studio Active Template Library Three Vulnerabilities
SECUNIA ADVISORY ID:
SA35967
VERIFY ADVISORY:
http://secunia.com/advisories/35967/
DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Visual Studio,
which can be exploited by malicious people to potentially bypass
security features, gain knowledge of sensitive information, or
compromise applications built using ATL (Active Template Library).
1) An error in the ATL headers when handling persisted streams can be
exploited to cause VariantClear() to be called on a VARIANT that has
not been correctly initialised. This can e.g. be exploited to corrupt
memory via a web page passing a specially crafted stream to a
vulnerable control.
Successful exploitation may allow execution of arbitrary code.
2) An error in the ATL headers when handling object instantiation
from data streams may allow bypassing of security policies such as
kill-bits in Internet Explorer if a control or component uses
OleLoadFromStream() in an unsafe manner.
3) An error in ATL may result in a string being read without
terminating NULL bytes, which can be exploited to disclose memory
contents beyond the end of the string.
SOLUTION:
Apply patches.
Microsoft Visual Studio .NET 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=63ce454e-f69c-44e3-89fb-eb23c2e2154e
Microsoft Visual Studio 2005 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7c8729dc-06a2-4538-a90d-ff9464dc0197
Microsoft Visual Studio 2005 SP1 64-bit Hosted Visual C++ Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=43f96f2a-69c6-4c5e-b72c-0edfa35f4fc2
Microsoft Visual Studio 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd-469d-baea-a4306270462c
Microsoft Visual Studio 2008 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94-49fb-a014-9a38580e64cb
Microsoft Visual C++ 2005 SP1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2
Microsoft Visual C++ 2008 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4-4b6b-9ac5-687ca0770f93
Microsoft Visual C++ 2008 SP1 Redistributable Package:
http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c
NOTE: It is also necessary for developers to rebuild any components
and controls created using a vulnerable version of the ATL library.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits David Dewey, IBM ISS X-Force.
2-3) The vendor credit Ryan Smith, iDefense Labs.
ORIGINAL ADVISORY:
MS09-035 (KB969706, KB971089, KB971090, KB971091, KB971092, KB973544,
KB973551, KB973552, KB973830):
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx
OTHER REFERENCES:
Microsoft Security Advisory (973882):
http://www.microsoft.com/technet/security/advisory/973882.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed