• 공개일 : 2009-07-30
• 변경일 : 2010-08-21

• 위험도: 7.8
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 낮음
• 인증 : 없음
• 기밀성 영향 : 전체
• 무결성 영향 : 없음
• 가용성 영향 : 없음
• 출처 : http://nvd.nist.gov
• 공개일 : 2009-07-31

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

• CERT, TA09-286A
• CERT, TA09-195A
• MS, MS09-035
• VUPEN, ADV-2009-2034
• CONFIRM, http://www.novell.com/support/viewContent.do?externalId=7004997&slice..
• MS, MS09-060
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-13.html
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-10.html
• SUNALERT, 266108
• SECUNIA, 36746
• SECUNIA, 36374
• HP, SSRT100013
• HP, SSRT100013

• microsoft visual_c%2B%2B 2008
• microsoft visual_studio 2008
• microsoft visual_studio_.net 2003
• microsoft visual_c%2B%2B 2005
• microsoft visual_c%2B%2B 2008
• microsoft visual_studio 2008
• microsoft visual_studio 2005
• microsoft visual_studio 2005 64_bit_hosted_visual_c%2B%2B_tools