
Test ID: 1.3.6.1.4.1.25623.1.0.900809
Category: Windows : Microsoft Bulletins
Title: Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-035.
Description:

Vulnerability Insight:
- An error in the ATL headers when handling persisted streams can be exploited
via a specially crafted web page to cause the VariantClear function to be
called on a VARIANT that has not been correctly initialised.

- An error in the ATL headers when handling object instantiation from data
streams may allow bypassing of security policies such as kill-bits in
Internet Explorer if a control or component uses the OleLoadFromStream function in an unsafe manner.

- An error in ATL may result in a string being read without terminating NULL
bytes, which can be exploited to disclose memory contents beyond the end of the string.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary code, which may
result in memory corruption on the affected system.

Affected Software/OS:
- Microsoft Visual Studio 2005 SP 1 and prior

- Microsoft Visual Studio 2008 SP 1 and prior

- Microsoft Visual Studio .NET 2003 SP 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-0901
BugTraq ID: 35832
http://www.securityfocus.com/bid/35832
Cert/CC Advisory: TA09-195A
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
Cert/CC Advisory: TA09-223A
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
Cert/CC Advisory: TA09-286A
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
HPdes Security Advisory: HPSBMA02488
http://marc.info/?l=bugtraq&m=126592505426855&w=2
HPdes Security Advisory: SSRT100013
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
Microsoft Security Bulletin: MS09-035
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
Microsoft Security Bulletin: MS09-037
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
Microsoft Security Bulletin: MS09-060
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
http://secunia.com/advisories/35967
http://secunia.com/advisories/36187
http://secunia.com/advisories/36374
http://secunia.com/advisories/36746
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
http://www.vupen.com/english/advisories/2009/2034
http://www.vupen.com/english/advisories/2009/2232
Common Vulnerability Exposure (CVE) ID: CVE-2009-2493
Cert/CC Advisory: TA09-342A
http://www.us-cert.gov/cas/techalerts/TA09-342A.html
Microsoft Security Bulletin: MS09-055
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
Microsoft Security Bulletin: MS09-072
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716
http://secunia.com/advisories/38568
http://secunia.com/advisories/41818
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1
SuSE Security Announcement: SUSE-SA:2009:053
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://www.vupen.com/english/advisories/2010/0366
Common Vulnerability Exposure (CVE) ID: CVE-2009-2495
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573
Copyright: Copyright (C) 2009 Greenbone AG
