CVE-2009-2495

Summary

CVE	CVE-2009-2495
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-07-29 17:30:00 UTC
Updated	2018-10-12 21:51:00 UTC
Description	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Visual C	2005	sp1_redistribution_pkg	All	All
Application	Microsoft	Visual C	2008	redistribution_pkg	All	All
Application	Microsoft	Visual C	2008	sp1_redistribution_pkg	All	All
Application	Microsoft	Visual C	2005	sp1_redistribution_pkg	All	All
Application	Microsoft	Visual C	2008	redistribution_pkg	All	All
Application	Microsoft	Visual C	2008	sp1_redistribution_pkg	All	All
Application	Microsoft	Visual C	2005	sp1_redistribution_pkg	All	All
Application	Microsoft	Visual C	2008	redistribution_pkg	All	All
Application	Microsoft	Visual C	2008	sp1_redistribution_pkg	All	All
Application	Microsoft	Visual Studio	2005	sp1	All	All
Application	Microsoft	Visual Studio	2005	sp1	64_bit_hosted_visual_c++_tools	All
Application	Microsoft	Visual Studio	2005	sp1	64_bit_hosted_visual_c\+\+_tools	All
Application	Microsoft	Visual Studio	2008	All	All	All
Application	Microsoft	Visual Studio	2008	sp1	All	All
Application	Microsoft	Visual Studio	2005	sp1	All	All
Application	Microsoft	Visual Studio	2005	sp1	64_bit_hosted_visual_c\+\+_tools	All
Application	Microsoft	Visual Studio	2008	All	All	All
Application	Microsoft	Visual Studio	2008	sp1	All	All
Application	Microsoft	Visual Studio .net	2003	sp1	All	All
Application	Microsoft	Visual Studio .net	2003	sp1	All	All

References

Reference	Source	Link	Tags
www.novell.com/support/viewContent.do	CONFIRM	www.novell.com
US-CERT Technical Cyber Security Alert TA09-195A -- Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
'[security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote' - MARC	HP	marc.info
Microsoft Security Bulletin MS09-060 - Critical \| Microsoft Docs	MS	docs.microsoft.com
Adobe Flex Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
Adobe - Security Bulletins: APSB09-10 Security Updates available for Adobe Flash Player, Adobe Reader and Acrobat	CONFIRM	www.adobe.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Repository / Oval Repository	OVAL	oval.cisecurity.org
Adobe - Security Bulletins: APSB09-13 Security Update available for Flex SDK	CONFIRM	www.adobe.com
266108	SUNALERT	sunsolve.sun.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Microsoft Visual Studio Active Template Library Three Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
US-CERT Technical Cyber Security Alert TA09-286A -- Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
Microsoft Security Bulletin MS09-035 - Moderate \| Microsoft Docs	MS	docs.microsoft.com
Novell GroupWise Multiple Vulnerabilities - Advisories - Community	SECUNIA	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.