• 공개일 : 2009-07-30
• 변경일 : 2010-08-21

• 위험도: 9.3
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 보통
• 인증 : 없음
• 기밀성 영향 : 전체
• 무결성 영향 : 전체
• 가용성 영향 : 전체
• 출처 : http://nvd.nist.gov
• 공개일 : 2009-07-31

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

• CERT, TA09-342A
• CERT, TA09-286A
• CERT, TA09-223A
• CERT, TA09-195A
• MS, MS09-035
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-11.html
• CONFIRM, http://www.adobe.com/support/security/advisories/apsa09-04.html
• VUPEN, ADV-2010-0366
• VUPEN, ADV-2009-2232
• VUPEN, ADV-2009-2034
• CONFIRM, http://www.openoffice.org/security/cves/CVE-2009-2493.html
• CONFIRM, http://www.novell.com/support/viewContent.do?externalId=7004997&slice..
• MS, MS09-072
• MS, MS09-060
• MS, MS09-055
• MS, MS09-037
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-13.html
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-10.html
• SUNALERT, 1020775
• SUNALERT, 266108
• SUNALERT, 264648
• SECUNIA, 38568
• SECUNIA, 36746
• SECUNIA, 36374
• SECUNIA, 36187
• HP, HPSBMA02488
• HP, HPSBMA02488
• SUSE, SUSE-SA:2009:053
• MISC, http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-usin..

• microsoft visual_c%2B%2B 2008
• microsoft visual_studio 2008
• microsoft visual_studio_.net 2003
• microsoft visual_c%2B%2B 2005
• microsoft visual_c%2B%2B 2008
• microsoft visual_studio 2008
• microsoft visual_studio 2005
• microsoft visual_studio 2005 64_bit_hosted_visual_c%2B%2B_tools