Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2009-2493

Disclosure Date: July 29, 2009 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka “ATL COM Initialization Vulnerability.”

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

microsoft

Products

References

Canonical

CVE-2009-2493 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493)

Advisory

http://www.adobe.com/support/security/bulletins/apsb09-11.html

SUNALERT-266108 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304

ADV-2009-2034 (http://www.vupen.com/english/advisories/2009/2034)

TA09-223A (http://www.us-cert.gov/cas/techalerts/TA09-223A.html)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621

http://www.openoffice.org/security/cves/CVE-2009-2493.html

http://www.adobe.com/support/security/bulletins/apsb09-13.html

http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1

TA09-286A (http://www.us-cert.gov/cas/techalerts/TA09-286A.html)

MS09-035 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035)

ADV-2010-0366 (http://www.vupen.com/english/advisories/2010/0366)

SSRT100013 (http://marc.info?l=bugtraq&m=126592505426855&w=2)

MS09-072 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072)

SECUNIA-36187 (http://secunia.com/advisories/36187)

TA09-342A (http://www.us-cert.gov/cas/techalerts/TA09-342A.html)

ADV-2009-2232 (http://www.vupen.com/english/advisories/2009/2232)

http://www.adobe.com/support/security/bulletins/apsb09-10.html

SECUNIA-36374 (http://secunia.com/advisories/36374)

SECUNIA-38568 (http://secunia.com/advisories/38568)

MS09-037 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037)

http://www.adobe.com/support/security/advisories/apsa09-04.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716

SECUNIA-36746 (http://secunia.com/advisories/36746)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421

SECUNIA-41818 (http://secunia.com/advisories/41818)

SECUNIA-35967 (http://secunia.com/advisories/35967)

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

SUNALERT-1020775 (http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1)

TA09-195A (http://www.us-cert.gov/cas/techalerts/TA09-195A.html)

MS09-060 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060)

MS09-055 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055)

SUNALERT-264648 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473

Miscellaneous

http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx

Rapid7

Technical Analysis