English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.101100
Categoría:Windows : Microsoft Bulletins
Título:Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
Resumen:This host is missing a critical security update according to; Microsoft Bulletin MS09-037.
Descripción:Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-037.

Vulnerability Insight:
Multiple flaws exist due to:

- Bug in the ATL header that could allow reading a variant from a stream and
leaving the variant type read with an invalid variant. When deleting the
variant, it is possible to free unintended areas in memory that could be
controlled by an attacker.

- Error in 'CComVariant::ReadFromStream()' function used in the ATL header.
This function does not properly restrict untrusted data read from a stream.

- An bug in the ATL headers that could allow an attacker to force VariantClear
to be called on a VARIANT that has not been correctly initialized.

- Bugs in the ATL headers that handle instantiation of an object from data
streams.

Vulnerability Impact:
Successful exploitation could allow remote attacker execute arbitrary code on
the vulnerable system.

Affected Software/OS:
- Microsoft Windows Media Player 9/10/11

- Microsoft Outlook Express 6 Service Pack 1

- Microsoft Outlook Express 5.5 Service Pack 2

- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-0015
BugTraq ID: 35558
http://www.securityfocus.com/bid/35558
BugTraq ID: 35585
http://www.securityfocus.com/bid/35585
Cert/CC Advisory: TA09-187A
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
Cert/CC Advisory: TA09-195A
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
Cert/CC Advisory: TA09-223A
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
CERT/CC vulnerability note: VU#180513
http://www.kb.cert.org/vuls/id/180513
ISS Security Advisory: 20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities
http://www.iss.net/threats/329.html
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
http://isc.sans.org/diary.html?storyid=6733
http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799
Microsoft Security Bulletin: MS09-032
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032
Microsoft Security Bulletin: MS09-037
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
http://osvdb.org/55651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436
http://www.securitytracker.com/id?1022514
http://secunia.com/advisories/36187
http://www.vupen.com/english/advisories/2009/2232
Common Vulnerability Exposure (CVE) ID: CVE-2008-0020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850
http://www.securitytracker.com/id?1022712
Common Vulnerability Exposure (CVE) ID: CVE-2009-0901
BugTraq ID: 35832
http://www.securityfocus.com/bid/35832
Cert/CC Advisory: TA09-286A
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
HPdes Security Advisory: HPSBMA02488
http://marc.info/?l=bugtraq&m=126592505426855&w=2
HPdes Security Advisory: SSRT100013
Microsoft Security Bulletin: MS09-035
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
Microsoft Security Bulletin: MS09-060
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
http://secunia.com/advisories/35967
http://secunia.com/advisories/36374
http://secunia.com/advisories/36746
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
http://www.vupen.com/english/advisories/2009/2034
Common Vulnerability Exposure (CVE) ID: CVE-2009-2493
Cert/CC Advisory: TA09-342A
http://www.us-cert.gov/cas/techalerts/TA09-342A.html
Microsoft Security Bulletin: MS09-055
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
Microsoft Security Bulletin: MS09-072
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716
http://secunia.com/advisories/38568
http://secunia.com/advisories/41818
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1
SuSE Security Announcement: SUSE-SA:2009:053 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://www.vupen.com/english/advisories/2010/0366
Common Vulnerability Exposure (CVE) ID: CVE-2009-2494
BugTraq ID: 35982
http://www.securityfocus.com/bid/35982
http://osvdb.org/56910
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5708
CopyrightCopyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.