Vulnerabilities > CVE-2009-0901 - Code Injection vulnerability in Microsoft Visual C++, Visual Studio and Visual Studio .Net
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
- Manipulating User-Controlled Variables This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Msbulletin
bulletin_id MS09-060 bulletin_url date 2009-10-13T00:00:00 impact Remote Code Execution knowledgebase_id 973965 knowledgebase_url severity Critical title Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution bulletin_id MS09-037 bulletin_url date 2009-08-11T00:00:00 impact Remote Code Execution knowledgebase_id 973908 knowledgebase_url severity Critical title Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution bulletin_id MS09-035 bulletin_url date 2009-07-28T00:00:00 impact Remote Code Execution knowledgebase_id 969706 knowledgebase_url severity Moderate title Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_FLASH-PLAYER-090731.NASL description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870) last seen 2020-06-01 modified 2020-06-02 plugin id 41392 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41392 title SuSE 11 Security Update : flash-player (SAT Patch Number 1149) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(41392); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-0901", "CVE-2009-1862", "CVE-2009-1863", "CVE-2009-1864", "CVE-2009-1865", "CVE-2009-1866", "CVE-2009-1867", "CVE-2009-1868", "CVE-2009-1869", "CVE-2009-1870", "CVE-2009-2395", "CVE-2009-2493"); script_name(english:"SuSE 11 Security Update : flash-player (SAT Patch Number 1149)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=524508" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0901.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1862.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1863.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1864.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1865.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1866.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1867.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1868.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1869.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1870.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2395.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2493.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1149."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(59, 89, 94, 119, 189, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0"); flag = 0; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"flash-player-10.0.32.18-0.1.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS09-037.NASL description The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function last seen 2020-06-01 modified 2020-06-02 plugin id 40556 published 2009-08-11 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40556 title MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(40556); script_version("1.28"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2008-0015", "CVE-2008-0020", "CVE-2009-0901", "CVE-2009-2493", "CVE-2009-2494"); script_bugtraq_id(35558, 35585, 35828, 35832, 35982); script_xref(name:"MSFT", value:"MS09-037"); script_xref(name:"MSKB", value:"973354"); script_xref(name:"MSKB", value:"973507"); script_xref(name:"MSKB", value:"973540"); script_xref(name:"MSKB", value:"973815"); script_xref(name:"MSKB", value:"973869"); script_xref(name:"IAVA", value:"2009-A-0067"); script_xref(name:"CERT", value:"180513"); script_xref(name:"CERT", value:"456745"); script_xref(name:"EDB-ID", value:"9108"); script_xref(name:"EDB-ID", value:"16615"); script_name(english:"MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)"); script_summary(english:"Checks version of various files"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through Microsoft Active Template Library."); script_set_attribute(attribute:"description", value: "The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function 'CComVariant::ReadFromStream' used in the ATL header, which fails to properly restrict untrusted data read from a stream. (CVE-2008-0015) - A remote code execution issue exists in the Microsoft Active Template Library due to an error in the 'Load' method of the 'IPersistStreamInit' interface, which could allow calls to 'memcpy' with untrusted data. (CVE-2008-0020) - An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - Unsafe usage of 'OleLoadFromStream' could allow instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - A bug in the ATL header could allow reading a variant from a stream and leaving the variant type read with an invalid variant, which could be leveraged by an attacker to execute arbitrary code remotely. (CVE-2009-2494)"); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-037"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/06"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS09-037'; kbs = make_list("973354", "973507", "973540", "973815", "973869"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2', vista:'0,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); programfiles = hotfix_get_programfilesdir(); if (!programfiles) exit(1, "Can't determine location of Program Files."); if (tolower(programfiles[0]) != tolower(rootfile[0])) { share = hotfix_path2share(path:programfiles); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); } commonfiles = hotfix_get_officecommonfilesdir(); if (!commonfiles) exit(1, "Can't determine location of Common Files."); vuln = 0; # Media Player. if ( # Vista / Windows Server 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Wmp.dll", version:"11.0.6002.22172", min_version:"11.0.6002.20000", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:2, file:"Wmp.dll", version:"11.0.6002.18065", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Wmp.dll", version:"11.0.6001.7114", min_version:"11.0.6001.7100", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Wmp.dll", version:"11.0.6001.7007", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Wmp.dll", version:"11.0.6000.6511", min_version:"11.0.6000.6500", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Wmp.dll", version:"11.0.6000.6352", dir:"\System32", bulletin:bulletin, kb:'973540') || # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Wmp.dll", version:"10.0.0.4006", dir:"\System32", bulletin:bulletin, kb:'973540') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Wmp.dll", version:"9.0.0.4507", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x64", file:"Wmp.dll", version:"11.0.5721.5268", min_version:"11.0.0.0", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x64", file:"Wmp.dll", version:"10.0.0.4006", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x86", file:"Wmp.dll", version:"9.0.0.3271", dir:"\System32", bulletin:bulletin, kb:'973540') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Wmp.dll", version:"9.0.0.3364", dir:"\System32", bulletin:bulletin, kb:'973540') ) vuln++; # ATL. if ( # Vista / Windows Server 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || hotfix_is_vulnerable(os:"5.1", sp:2, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Atl.dll", version:"3.0.9793.0", dir:"\System32", bulletin:bulletin, kb:'973507') ) vuln++; # MSWebDVD ActiveX Control. if ( # Vista / Windows Server 2008 # # empty # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, arch:"x86", file:"Mswebdvd.dll", version:"6.5.3790.4564", dir:"\System32", bulletin:bulletin, kb:'973815') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Mswebdvd.dll", version:"6.5.2600.5848", dir:"\System32", bulletin:bulletin, kb:'973815') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x86", file:"Mswebdvd.dll", version:"6.5.2600.3603", dir:"\System32", bulletin:bulletin, kb:'973815') # Windows 2000 # # empty ) vuln++; # Outlook Express. NetUseDel(close:FALSE); if ( # Vista / Windows Server 2008 # # empty # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Msoe.dll", version:"6.0.3790.4548", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Msoe.dll", version:"6.0.2900.5843", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x64", file:"Msoe.dll", version:"6.0.3790.4548", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x86", file:"Msoe.dll", version:"6.0.2900.3598", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Msoe.dll", version:"6.0.2800.1983", min_version:"6.0.0.0", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || hotfix_is_vulnerable(os:"5.0", file:"Msoe.dll", version:"5.50.5003.1000", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') ) vuln++; # DHTML Editing Component ActiveX control/ if (!commonfiles) { hotfix_check_fversion_end(); exit(1, "Can't determine location of Common Files."); } if (typeof(commonfiles) != 'array') { temp = commonfiles; commonfiles = make_array('commonfiles', commonfiles); } checkeddirs = make_array(); NetUseDel(close:FALSE); foreach ver (keys(commonfiles)) { dir = commonfiles[ver]; if (checkeddirs[dir]) continue; checkeddirs[dir] = 1; if ( # Vista / Windows Server 2008 # # empty # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Dhtmled.ocx", version:"6.1.0.9247", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, file:"Dhtmled.ocx", version:"6.1.0.9247", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') || hotfix_is_vulnerable(os:"5.1", sp:2, file:"Dhtmled.ocx", version:"6.1.0.9247", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Dhtmled.ocx", version:"6.1.0.9234", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') ) vuln++; } if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family Windows NASL id SHOCKWAVE_PLAYER_APSB09_11.NASL description The remote Windows host contains a version of Adobe last seen 2020-06-01 modified 2020-06-02 plugin id 40421 published 2009-07-29 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40421 title Shockwave Player < 11.5.0.601 Multiple Vulnerabilities (APSB09-11) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(40421); script_version("1.17"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id('CVE-2009-0901', 'CVE-2009-2495', 'CVE-2009-2493'); script_bugtraq_id(35845); script_name(english:'Shockwave Player < 11.5.0.601 Multiple Vulnerabilities (APSB09-11)'); script_summary(english:'Checks version of Shockwave Player'); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains an Internet Explorer plugin which uses a vulnerable version of the Microsoft Active Template Library (ATL)."); script_set_attribute(attribute:"description", value: "The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.0.601. Such versions were compiled against a version of Microsoft's Active Template Library (ATL) that contained a vulnerability. If an attacker can trick a user of the affected software into opening such a file, this issue could be leveraged to execute arbitrary code with the privileges of that user."); script_set_attribute(attribute:"see_also", value:"http://blogs.adobe.com/psirt/2009/07/impact_of_microsoft_atl_vulner.html/"); script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb09-11.html"); script_set_attribute(attribute:"solution", value: "Uninstall the Internet Explorer version of Shockwave Player version 11.5.0.600 and earlier, restart the system, and then install version 11.5.0.601 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(94, 200, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/28"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:shockwave_player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:'Windows'); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies('smb_hotfixes.nasl'); script_require_keys('SMB/Registry/Enumerated'); script_require_ports(139, 445); exit(0); } include('global_settings.inc'); include('smb_func.inc'); include("audit.inc"); # Connect to the appropriate share. if (!get_kb_item('SMB/Registry/Enumerated')) exit(0, 'SMB/Registry/Enumerated KB item is missing.'); name = kb_smb_name(); port = kb_smb_transport(); login = kb_smb_login(); pass = kb_smb_password(); domain = kb_smb_domain(); if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init'); rc = NetUseAdd(login:login, password:pass, domain:domain, share:'IPC$'); if (rc != 1) { NetUseDel(); exit(1, 'Can not connect to IPC$ share.'); } # Connect to remote registry. hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE); if (isnull(hklm)) { NetUseDel(); exit(1, 'Can not connect to remote registry.'); } # Check whether it's installed. variants = make_array(); # - check for the ActiveX control. clsids = make_list( '{4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}', '{233C1507-6A77-46A4-9443-F871F945D258}', '{166B1BCA-3F9C-11CF-8075-444553540000}' # used in versions <= 10.x. ); foreach clsid (clsids) { key = 'SOFTWARE\\Classes\\CLSID\\' + clsid + '\\InprocServer32'; key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED); if (!isnull(key_h)) { item = RegQueryValue(handle:key_h, item:NULL); if (!isnull(item)) { file = item[1]; variants[file] = 'ActiveX'; } RegCloseKey(handle:key_h); } } RegCloseKey(handle:hklm); if (max_index(keys(variants)) == 0) { NetUseDel(); exit(0, 'Shockwave Player for Internet Explorer is not installed.'); } # Determine the version of each instance found. files = make_array(); info = ''; foreach file (keys(variants)) { # Don't report again if the name differs only in its case. if (files[tolower(file)]++) continue; variant = variants[file]; share = ereg_replace(pattern:'^([A-Za-z]):.*', replace:'\\1$', string:file); file2 = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:'\\1', string:file); NetUseDel(close:FALSE); rc = NetUseAdd(login:login, password:pass, domain:domain, share:share); if (rc != 1) { NetUseDel(); exit(1, 'Can not connect to '+share+' share.'); } fh = CreateFile( file:file2, desired_access:GENERIC_READ, file_attributes:FILE_ATTRIBUTE_NORMAL, share_mode:FILE_SHARE_READ, create_disposition:OPEN_EXISTING ); if (!isnull(fh)) { ver = GetFileVersion(handle:fh); CloseFile(handle:fh); if ( isnull(ver) || (ver[0] == 0 && ver[1] == 0 && ver[2] == 0 && ver[3] == 0) ) { NetUseDel(); exit(1, "Failed to get the file version from '"+file+"'."); } if ( ver[0] < 11 || ( ver[0] == 11 && ( ver[1] < 5 || (ver[1] == 5 && ver[2] == 0 && ver[3] < 601) ) ) ) { version = string(ver[0], '.', ver[1], '.', ver[2], '.', ver[3]); if (variant == 'ActiveX') { info += ' - ActiveX control (for Internet Explorer) :\n'; } info += ' ' + file + ', ' + version + '\n'; } } NetUseDel(close:FALSE); } NetUseDel(); if (!info) exit(0, 'No vulnerable installs of Shockwave Player were found.'); if (report_verbosity > 0) { # nb: each vulnerable instance adds 2 lines to 'info'. if (max_index(split(info)) > 2) shck = 's'; else shck = ''; report = string( '\n', 'Nessus has identified the following vulnerable instance', shck, ' of Shockwave\n', 'Player for Internet Explorer installed on the remote host :\n', '\n', info ); security_hole(port:get_kb_item('SMB/transport'), extra:report); } else security_hole(get_kb_item('SMB/transport'));NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-6386.NASL description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870) last seen 2020-06-01 modified 2020-06-02 plugin id 51731 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51731 title SuSE 10 Security Update : flash-player (ZYPP Patch Number 6386) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(51731); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:36"); script_cve_id("CVE-2009-0901", "CVE-2009-1862", "CVE-2009-1863", "CVE-2009-1864", "CVE-2009-1865", "CVE-2009-1866", "CVE-2009-1867", "CVE-2009-1868", "CVE-2009-1869", "CVE-2009-1870", "CVE-2009-2395", "CVE-2009-2493"); script_name(english:"SuSE 10 Security Update : flash-player (ZYPP Patch Number 6386)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0901.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1862.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1863.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1864.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1865.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1866.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1867.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1868.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1869.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1870.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2395.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-2493.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6386."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(59, 89, 94, 119, 189, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:2, reference:"flash-player-9.0.246.0-0.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS09-035.NASL description The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - On systems with components and controls installed that were built using Visual Studio ATL, unsafe usage of OleLoadFromStream could allow instantiation of arbitrary objects that can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow a string to be read without a terminating NULL character, which could lead to disclosure of information in memory. (CVE-2009-2495) last seen 2020-06-01 modified 2020-06-02 plugin id 40435 published 2009-07-30 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40435 title MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(40435); script_version("1.32"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2009-0901", "CVE-2009-2493", "CVE-2009-2495"); script_bugtraq_id(35828, 35830, 35832); script_xref(name:"MSFT", value:"MS09-035"); script_xref(name:"MSKB", value:"973544"); script_xref(name:"MSKB", value:"973551"); script_xref(name:"MSKB", value:"973552"); script_xref(name:"MSKB", value:"973675"); script_xref(name:"IAVB", value:"2009-B-0033"); script_xref(name:"CERT", value:"456745"); script_name(english:"MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)"); script_summary(english:"Checks for Visual Studio / Visual C++ patches"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through Microsoft Active Template Library."); script_set_attribute(attribute:"description", value: "The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - On systems with components and controls installed that were built using Visual Studio ATL, unsafe usage of OleLoadFromStream could allow instantiation of arbitrary objects that can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow a string to be read without a terminating NULL character, which could lead to disclosure of information in memory. (CVE-2009-2495)"); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-035"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Visual Studio .NET 2003, Visual Studio 2005 and 2008, as well as Visual C++ 2005 and 2008."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(94, 200, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/28"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_studio"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_studio_.net"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_c++"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_reg_query.inc"); include("misc_func.inc"); include("audit.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); get_kb_item_or_exit("SMB/Registry/Uninstall/Enumerated"); bulletin = 'MS09-035'; kbs = make_list("973544", "973551", "973552", "973675"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); if (!get_kb_item("SMB/WindowsVersion")) exit(1, "SMB/WindowsVersion KB item is missing."); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Can't get system root."); commonfiles = hotfix_get_commonfilesdir(); MAX_RECURSE = 3; port = kb_smb_transport(); login = kb_smb_login(); pass = kb_smb_password(); domain = kb_smb_domain(); if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init"); hcf_init = TRUE; function _list_dir(basedir, level, dir_pat, file_pat) { local_var contents, ret, subdirs, subsub; # nb: limit how deep we'll recurse. if (level > MAX_RECURSE) return NULL; subdirs = NULL; if (isnull(dir_pat)) dir_pat = ""; ret = FindFirstFile(pattern:basedir + "\*" + dir_pat + "*"); contents = make_list(); while (!isnull(ret[1])) { if (file_pat && ereg(pattern:file_pat, string:ret[1], icase:TRUE)) contents = make_list(contents, basedir+"\"+ret[1]); subsub = NULL; if ("." != ret[1] && ".." != ret[1] && level <= MAX_RECURSE) subsub = _list_dir(basedir:basedir+"\"+ret[1], level:level+1, file_pat:file_pat); if (!isnull(subsub)) { if (isnull(subdirs)) subdirs = make_list(subsub); else subdirs = make_list(subdirs, subsub); } ret = FindNextFile(handle:ret); } if (isnull(subdirs)) return contents; else return make_list(contents, subdirs); } # Returns the file version as a string, either from the KB or by # calling GetFileVersion(). Assumes we're already connected to the # correct share. function get_file_version() { local_var fh, file, ver, version; if (isnull(_FCT_ANON_ARGS[0])) return NULL; file = _FCT_ANON_ARGS[0]; version = get_kb_item("SMB/FileVersions"+tolower(str_replace(string:file, find:"\", replace:"/"))); if (isnull(version)) { fh = CreateFile( file:file, desired_access:GENERIC_READ, file_attributes:FILE_ATTRIBUTE_NORMAL, share_mode:FILE_SHARE_READ, create_disposition:OPEN_EXISTING ); if (!isnull(fh)) { ver = GetFileVersion(handle:fh); CloseFile(handle:fh); if (!isnull(ver)) { version = string(ver[0], ".", ver[1], ".", ver[2], ".", ver[3]); set_kb_item( name:"SMB/FileVersions"+tolower(str_replace(string:file, find:"\", replace:"/")), value:version ); } } } return version; } ####################################################################### # Check VC++ Redistributables. ####################################################################### installs = make_array(); # - Check if the redistributable is known to be installed; otherwise, # we'll generate a false positive against Visual Studio. list = get_kb_list("SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName"); if (!isnull(list)) { foreach name (keys(list)) { prod = list[name]; if (prod && ereg(pattern:"^Microsoft Visual C\+\+ 200[58] Redistributable", string:prod, icase:TRUE)) { installs[tolower(prod)]++; } } } if (max_index(keys(installs))) { share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:rootfile); if (!is_accessible_share(share:share)) exit(1, "Can't access '"+share+"' share."); rc = NetUseAdd(login:login, password:pass, domain:domain, share:share); if (rc != 1) { NetUseDel(); exit(1, "Can't access '"+share+"' share."); } fixed = make_array(); probs = make_array(); kbs = make_array(); fixed_versions = make_array(); fversions = make_array(); prodfiles = make_array(); winsxs = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\WinSxS", string:rootfile); files = _list_dir(basedir:winsxs, level:0, dir_pat:"microsoft.vc?0.atl", file_pat:"^atl(80|90)\.dll$"); if (!isnull(files)) { foreach file (files) { if (ereg(pattern:"Microsoft\.VC80\.ATL", string:file, icase:TRUE)) { prod = "Visual C++ 2005 SP1 Redistributable Package"; fixed_versions[prod] = "8.0.50727.4053"; prodfiles[prod] = "atl80.dll"; kbs[prod] = '973544'; } else if (ereg(pattern:"Microsoft\.VC90\.ATL.+_9\.0\.[0-2][0-9]+", string:file, icase:TRUE)) { prod = "Visual C++ 2008 Redistributable Package"; fixed_versions[prod] = "9.0.21022.218"; prodfiles[prod] = "atl90.dll"; kbs[prod] = '973551'; } else if (ereg(pattern:"Microsoft\.VC90\.ATL.+_9\.0\.3[0-9]+", string:file, icase:TRUE)) { prod = "Visual C++ 2008 SP1 Redistributable Package"; fixed_versions[prod] = "9.0.30729.4148"; prodfiles[prod] = "atl90.dll"; kbs[prod] = '973552'; } else continue; installed = FALSE; foreach key (keys(installs)) { if ( (" 2005 " >< prod && " 2005 " >< key) || ( " 2008 " >< prod && " 2008 " >< key && ( ereg(pattern:" 9\.0\.[0-2][0-9]+", string:key) || (" SP1 " >< prod && ereg(pattern:" 9\.0\.3[0-9]+", string:key)) ) ) ) { installed = TRUE; break; } } if (!installed) continue; if (isnull(fixed[prod]) || fixed[prod] == 0) { version = get_file_version(file); fversions[prod] = version; if (!isnull(version)) { if (version == fixed_versions[prod]) { fixed[prod]++; if (prod == "Visual C++ 2008 SP1 Redistributable Package") { fixed["Visual C++ 2008 Redistributable Package"]++; probs[prod] = 0; } continue; } ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fix = split(fixed_versions[prod], sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); # Flag it if it's older or flag the fix if it's fixed. for (i=0; i<max_index(ver); i++) if ((ver[i] < fix[i])) { fixed[prod] = 0; probs[prod]++; break; } else if (ver[i] > fix[i]) { fixed[prod]++; probs[prod] = 0; if (prod == "Visual C++ 2008 SP1 Redistributable Package") { fixed["Visual C++ 2008 Redistributable Package"]++; probs[prod] = 0; } break; } } } } } NetUseDel(close:FALSE); # Report and exit if there's a problem. info = ""; s = 0; foreach prod (keys(probs)) { if (!fixed[prod]) s++; } if (s) { set_kb_item(name:'SMB/Missing/MS09-035', value:TRUE); if (s > 1) s = 's have'; else s = ' has'; info = '\n The following Visual C++ Redistributable Package' + s + ' not' + '\n been patched : \n'; hotfix_add_report(info); foreach prod (keys(probs)) { if (fixed[prod]) continue; info = '\n Product : ' + prod + '\n File : ' + prodfiles[prod] + '\n Installed version : ' + fversions[prod] + '\n Fixed version : ' + fixed_versions[prod] + '\n'; hotfix_add_report(info, bulletin:bulletin, kb:kbs[prod]); } hotfix_security_hole(); exit(0); } } ####################################################################### # Check Visual Studio installs. ####################################################################### # - identify VCROOT for each install. installs = make_array(); rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$"); if (rc != 1) { NetUseDel(); exit(1, "Can't connect to IPC$ share."); } hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE); if (isnull(hklm)) { NetUseDel(); exit(1, "Can't connect to remote registry."); } key = "SOFTWARE\Microsoft\VisualStudio"; subkeys = get_registry_subkeys(handle:hklm, key:key, wow:TRUE); if (!isnull(subkeys)) { if (report_paranoia < 2) pat = '^(7\\.1|8\\.0|9\\.0)$'; else pat = '^[0-9]\\.[0-9]+$'; foreach node (keys(subkeys)) { key = node; foreach subkey (subkeys[node]) { if (ereg(pattern:pat, string:subkey)) { key2 = key + '\\' + subkey; path = get_registry_value(handle:hklm, item:key2 + "\InstallDir"); if (!isnull(path)) { path = ereg_replace(pattern:'^"(.+)"$', replace:"\1", string:path); vcroot = ereg_replace(pattern:"^(.+)\\Common7\\IDE\\$", replace:"\1", string:path, icase:TRUE); if (vcroot >< path) installs[subkey] = vcroot; } } } } } RegCloseKey(handle:hklm); NetUseDel(close:FALSE); # - locate possibly-affected files. atl_files = make_list(); foreach ver (keys(installs)) { if (ver =~ "^[89]\.") { vcroot = installs[ver]; share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:vcroot); rc = NetUseAdd(login:login, password:pass, domain:domain, share:share); if (rc != 1) { NetUseDel(); exit(1, "Can't access '"+share+"' share."); } path = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1", string:vcroot); files = _list_dir(basedir:path+"\VC\redist", level:0, file_pat:"^atl(80|90)\.dll$"); if (!isnull(files)) { foreach file (files) { atl_files = make_list(atl_files, (share-'$')+':'+file); } } } else { if (report_paranoia < 2) pat = "^atl(71|80|90)\.dll$"; else pat = "^atl[0-9][0-9]\.dll$"; basedirs = make_list( rootfile+"\System32", commonfiles+"\Microsoft Shared\Help", commonfiles+"\Microsoft Shared\VSA" ); foreach basedir (basedirs) { share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:basedir); rc = NetUseAdd(login:login, password:pass, domain:domain, share:share); if (rc != 1) { NetUseDel(); exit(1, "Can't access '"+share+"' share."); } basedir = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1", string:basedir); if (ereg(pattern:"\System32$", string:basedir, icase:TRUE)) files = _list_dir(basedir:basedir, level:MAX_RECURSE, file_pat:pat); else files = _list_dir(basedir:basedir, level:0, file_pat:pat); if (!isnull(files)) { foreach file (files) { atl_files = make_list(atl_files, (share-'$')+':'+file); } } NetUseDel(close:FALSE); } } } NetUseDel(close:FALSE); # - check each file. vuln = 0; foreach atl (atl_files) { match = eregmatch(pattern:"^(.+)\\(atl[0-9]+\.dll)$", string:atl, icase:TRUE); if (match) { path = match[1]; file = match[2]; if ( hotfix_check_fversion(file:file, version:"9.0.30729.4148", min_version:"9.0.30000.0", path:path, bulletin:bulletin, kb:'973675') == HCF_OLDER || hotfix_check_fversion(file:file, version:"9.0.21022.218", min_version:"9.0.0.0", path:path, bulletin:bulletin, kb:'973674') == HCF_OLDER || hotfix_check_fversion(file:file, version:"8.0.50727.4053", min_version:"8.0.0.0", path:path, bulletin:bulletin, kb:'971090') == HCF_OLDER || hotfix_check_fversion(file:file, version:"7.10.6101.0", path:path, bulletin:bulletin, kb:'971089') == HCF_OLDER ) vuln++; } } if (vuln) { set_kb_item(name:"SMB/Missing/MS09-035", value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); exit(0, "The host is not affected"); }NASL family Windows NASL id FLASH_PLAYER_APSB09_10.NASL description The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly affected by multiple vulnerabilities : - A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-1862) - A vulnerability in the Microsoft Active Template Library (ATL) which could allow an attacker who successfully exploits the vulnerability to take control of the affected system. (CVE-2009-0901, CVE-2009-2395, CVE-2009-2493) - A privilege escalation vulnerability that could potentially lead to code execution. (CVE-2009-1863) - A heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1864) - A NULL pointer vulnerability that could potentially lead to code execution. (CVE-2009-1865) - A stack overflow vulnerability that could potentially lead to code execution. (CVE-2009-1866) - A clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2009-1867 - A URL parsing heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1868) - An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-1869) - A local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive. CVE-2009-1870) last seen 2020-06-01 modified 2020-06-02 plugin id 40434 published 2009-07-30 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40434 title Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(40434); script_version("1.21"); script_cve_id( 'CVE-2009-1862', 'CVE-2009-0901', 'CVE-2009-2493', 'CVE-2009-1863', 'CVE-2009-1864', 'CVE-2009-1865', 'CVE-2009-1866', 'CVE-2009-1867', 'CVE-2009-1868', 'CVE-2009-1869', 'CVE-2009-1870'); script_bugtraq_id(35759, 35832, 35846, 35900, 35901, 35902, 35903, 35904, 35905, 35906, 35907, 35908); script_name(english:"Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10)"); script_summary(english:"Checks version of Flash Player"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a browser plugin that is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly affected by multiple vulnerabilities : - A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-1862) - A vulnerability in the Microsoft Active Template Library (ATL) which could allow an attacker who successfully exploits the vulnerability to take control of the affected system. (CVE-2009-0901, CVE-2009-2395, CVE-2009-2493) - A privilege escalation vulnerability that could potentially lead to code execution. (CVE-2009-1863) - A heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1864) - A NULL pointer vulnerability that could potentially lead to code execution. (CVE-2009-1865) - A stack overflow vulnerability that could potentially lead to code execution. (CVE-2009-1866) - A clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2009-1867 - A URL parsing heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1868) - An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-1869) - A local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive. CVE-2009-1870)" ); script_set_attribute(attribute:"see_also", value: "http://www.adobe.com/support/security/bulletins/apsb09-10.html" ); script_set_attribute( attribute:"solution", value: "Upgrade to version 10.0.32.18 or later. If you are unable to upgrade to version 10, upgrade to version 9.0.246.0 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(59, 94, 119, 189, 200, 264); script_set_attribute( attribute:'vuln_publication_date', value:'2009/07/28' ); script_set_attribute( attribute:'patch_publication_date', value:'2009/07/30' ); script_set_attribute( attribute:'plugin_publication_date', value:'2009/07/30' ); script_cvs_date("Date: 2018/07/11 17:09:26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("flash_player_installed.nasl"); script_require_keys("SMB/Flash_Player/installed"); exit(0); } # if (!get_kb_item("SMB/Flash_Player/installed")) exit(0); include ("global_settings.inc"); # Identify vulnerable versions. info=NULL; foreach variant (make_list("Plugin", "ActiveX")) { vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*"); files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*"); if(!isnull(vers) && !isnull(files)) { foreach key (keys(vers)) { ver = vers[key]; if (ver) { iver = split(ver, sep:'.',keep:FALSE); for(i=0;i<max_index(iver);i++) iver[i] = int(iver[i]); if ( ( iver[0] == 10 && iver[1] == 0 && ( iver[2] < 22 || (iver[2] == 22 && iver[3] <= 87) ) ) || (iver[0] == 9 && iver[1] == 0 && iver[2] < 246) || iver[0] < 9 ) { num = key - ("SMB/Flash_Player/"+variant+"/Version/"); file = files["SMB/Flash_Player/"+variant+"/File/"+num]; if (variant == "Plugin") { info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\n'; } else if (variant == "ActiveX") { info += ' - ActiveX control (for Internet Explorer) :\n'; } info += ' ' + file + ', ' + ver + '\n'; } } } } } if (info) { if (report_verbosity > 0) { # nb: each vulnerable instance adds 2 lines to 'info'. if (max_index(split(info)) > 2) inst = "s"; else inst = ""; report = string( "\n", "Nessus has identified the following vulnerable instance", inst, " of Flash\n", "Player installed on the remote host :\n", "\n", info ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }NASL family SuSE Local Security Checks NASL id SUSE_11_0_FLASH-PLAYER-090731.NASL description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870). last seen 2020-06-01 modified 2020-06-02 plugin id 40488 published 2009-08-05 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40488 title openSUSE Security Update : flash-player (flash-player-1148) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update flash-player-1148. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40488); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2009-0901", "CVE-2009-1862", "CVE-2009-1863", "CVE-2009-1864", "CVE-2009-1865", "CVE-2009-1866", "CVE-2009-1867", "CVE-2009-1868", "CVE-2009-1869", "CVE-2009-1870", "CVE-2009-2395", "CVE-2009-2493"); script_name(english:"openSUSE Security Update : flash-player (flash-player-1148)"); script_summary(english:"Check for the flash-player-1148 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=524508" ); script_set_attribute( attribute:"solution", value:"Update the affected flash-player package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(59, 89, 94, 119, 189, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"flash-player-9.0.246.0-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player"); }NASL family Windows NASL id WIN_SERVER_2008_NTLM_PCI.NASL description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 108811 published 2018-04-03 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108811 title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS) NASL family SuSE Local Security Checks NASL id SUSE_11_1_FLASH-PLAYER-090731.NASL description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870). last seen 2020-06-01 modified 2020-06-02 plugin id 40489 published 2009-08-05 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40489 title openSUSE Security Update : flash-player (flash-player-1148) NASL family SuSE Local Security Checks NASL id SUSE_FLASH-PLAYER-6387.NASL description Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870). last seen 2020-06-01 modified 2020-06-02 plugin id 42001 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42001 title openSUSE 10 Security Update : flash-player (flash-player-6387) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS09-060.NASL description One or more ActiveX controls included in Microsoft Outlook or Visio and installed on the remote Windows host was compiled with a version of Microsoft Active Template Library (ATL) that is affected by potentially several vulnerabilities : - An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - Unsafe usage of last seen 2020-06-01 modified 2020-06-02 plugin id 42116 published 2009-10-14 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42116 title MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Oval
accepted 2009-09-28T04:00:20.671-04:00 class vulnerability contributors name Dragos Prisaca organization Gideon Technologies, Inc. name J. Daniel Brown organization DTCC name Rachana Shetty organization SecPod Technologies name Josh Turpin organization Symantec Corporation name Chandan S organization SecPod Technologies name Dragos Prisaca organization G2, Inc. name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Outlook Express 5.5 SP2 is installed. oval oval:org.mitre.oval:def:504 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Outlook Express 6 SP1 is installed. oval oval:org.mitre.oval:def:488 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442
description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." family windows id oval:org.mitre.oval:def:6289 status deprecated submitted 2009-08-11T13:00:00 title ATL Uninitialized Object Vulnerability version 78 accepted 2009-09-14T04:00:10.848-04:00 class vulnerability contributors name Dragos Prisaca organization Gideon Technologies, Inc. name J. Daniel Brown organization DTCC name Mike Lah organization The MITRE Corporation name Mike Lah organization The MITRE Corporation name Mike Lah organization The MITRE Corporation name Mike Lah organization The MITRE Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Visual Studio .NET 2003 SP1 is installed oval oval:org.mitre.oval:def:168 comment Microsoft Visual Studio 2005 Service Pack 1 is installed oval oval:org.mitre.oval:def:6401 comment Microsoft Visual Studio 2008 is installed oval oval:org.mitre.oval:def:5401 comment Microsoft Visual Studio 2008 Service Pack 1 is installed oval oval:org.mitre.oval:def:6205
description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." family windows id oval:org.mitre.oval:def:6311 status deprecated submitted 2009-07-28T13:00:00 title ATL Uninitialized Object Vulnerability version 79 accepted 2009-11-30T04:00:36.150-05:00 class vulnerability contributors name Dragos Prisaca organization Gideon Technologies, Inc. name J. Daniel Brown organization DTCC name Shane Shaffer organization G2, Inc.
definition_extensions comment Microsoft Outlook 2002 is installed oval oval:org.mitre.oval:def:5179 comment Microsoft Outlook 2003 is installed oval oval:org.mitre.oval:def:5505 comment Microsoft Outlook 2007 is installed oval oval:org.mitre.oval:def:5352 comment Microsoft Visio Viewer 2002 is installed oval oval:org.mitre.oval:def:6500 comment Microsoft Office Visio Viewer 2003 is installed oval oval:org.mitre.oval:def:6420 comment Microsoft Office Visio Viewer 2007 is installed oval oval:org.mitre.oval:def:6128
description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." family windows id oval:org.mitre.oval:def:6373 status deprecated submitted 2009-10-13T13:00:00 title ATL Uninitialized Object Vulnerability version 6 accepted 2015-08-10T04:01:10.426-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Mike Lah organization The MITRE Corporation name Mike Lah organization The MITRE Corporation name Mike Lah organization The MITRE Corporation name Mike Lah organization The MITRE Corporation name Rachana Shetty organization SecPod Technologies name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Dragos Prisaca organization Symantec Corporation name Shane Shaffer organization G2, Inc. name Josh Turpin organization Symantec Corporation name Chandan S organization SecPod Technologies name Dragos Prisaca organization G2, Inc. name Dragos Prisaca organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Outlook 2002 is installed oval oval:org.mitre.oval:def:5179 comment Microsoft Outlook 2003 is installed oval oval:org.mitre.oval:def:5505 comment Microsoft Outlook 2007 SP1 is installed oval oval:org.mitre.oval:def:18961 comment Microsoft Outlook 2007 SP2 is installed oval oval:org.mitre.oval:def:18844 comment Microsoft Visio Viewer 2002 is installed oval oval:org.mitre.oval:def:6500 comment Microsoft Office Visio Viewer 2003 is installed oval oval:org.mitre.oval:def:6420 comment Microsoft Office Visio Viewer 2007 is installed oval oval:org.mitre.oval:def:6128 comment Microsoft Visual Studio .NET 2003 SP1 is installed oval oval:org.mitre.oval:def:168 comment Microsoft Visual Studio 2005 Service Pack 1 is installed oval oval:org.mitre.oval:def:6401 comment Microsoft Visual Studio 2008 is installed oval oval:org.mitre.oval:def:5401 comment Microsoft Visual Studio 2008 Service Pack 1 is installed oval oval:org.mitre.oval:def:6205 comment Microsoft Visual C++ 2005 Redistributable Package is installed oval oval:org.mitre.oval:def:29007 comment Microsoft Visual C++ 2008 Redistributable Package is installed oval oval:org.mitre.oval:def:28587 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Outlook Express 5.5 SP2 is installed. oval oval:org.mitre.oval:def:504 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Outlook Express 6 SP1 is installed. oval oval:org.mitre.oval:def:488 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041
description The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." family windows id oval:org.mitre.oval:def:7581 status accepted submitted 2009-12-26T17:00:00.000-05:00 title ATL Uninitialized Object Vulnerability version 110
Saint
| bid | 35832 |
| description | Visual Studio Active Template Library uninitialized object |
| id | misc_vstudioatl |
| osvdb | 56696 |
| title | visual_studio_atl_uninitialized_object |
| type | client |
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 35832 CVE ID:CVE-2009-0901 CNCVE ID:CNCVE-20090901 Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。 Microsoft活动模版库(ATL)处理ATL头字段存在问题,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 ATL头字段存在的一个错误允许攻击者对未正确初始化的VARIANT进行VariantClear调用,基于此攻击者可以提供破坏的流触发错误处理过程中来调用VariantClear而控制整个流程。此漏洞只影响安装了使用Visual Studio ATL的组件和控件的系统。攻击者可以构建恶意WEB页,诱使用户打开来触发远程代码执行。 Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 0 Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1 Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual C++ 2008 Redistributable Package SP1 Microsoft Visual C++ 2008 Redistributable Package 0 Microsoft Visual C++ 2008 SP1 Microsoft Visual C++ 2008 0 Microsoft Visual C++ 2005 Redistributable Package SP1 Microsoft Visual C++ 2005 Redistributable Package 0 Microsoft Visual C++ 2005 SP1 厂商解决方案 用户可参考如下安全补丁: Microsoft Visual C++ 2005 SP1 Microsoft Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73 -40ff-b072-9112bab119c2 Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?FamilyID=63ce454e-f69c -44e3-89fb-eb23c2e2154e Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio 2005 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?FamilyID=7c8729dc-06a2 -4538-a90d-ff9464dc0197 Microsoft Visual C++ 2008 SP1 Microsoft Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5 -4b0a-a8f5-770a549fd78c Microsoft Visual Studio 2008 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94 -49fb-a014-9a38580e64cb Microsoft Visual C++ 2008 0 Microsoft Microsoft Visual C++ 2008 Redistributable Package ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4 -4b6b-9ac5-687ca0770f93 Microsoft Visual Studio 2008 ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd -469d-baea-a4306270462c Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1 Microsoft Visual Studio 64-bit Hosted Visual C++ Tools 2005 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?FamilyID=43f96f2a-69c6 -4c5e-b72c-0edfa35f4fc2 |
| id | SSV:11913 |
| last seen | 2017-11-19 |
| modified | 2009-07-29 |
| published | 2009-07-29 |
| reporter | Root |
| title | Microsoft Visual Studio ATL 'VariantClear()'远程代码执行漏洞 |
References
- http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
- http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
- http://marc.info/?l=bugtraq&m=126592505426855&w=2
- http://marc.info/?l=bugtraq&m=126592505426855&w=2
- http://marc.info/?l=bugtraq&m=126592505426855&w=2
- http://marc.info/?l=bugtraq&m=126592505426855&w=2
- http://secunia.com/advisories/35967
- http://secunia.com/advisories/35967
- http://secunia.com/advisories/36187
- http://secunia.com/advisories/36187
- http://secunia.com/advisories/36374
- http://secunia.com/advisories/36374
- http://secunia.com/advisories/36746
- http://secunia.com/advisories/36746
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
- http://www.adobe.com/support/security/advisories/apsa09-04.html
- http://www.adobe.com/support/security/advisories/apsa09-04.html
- http://www.adobe.com/support/security/bulletins/apsb09-10.html
- http://www.adobe.com/support/security/bulletins/apsb09-10.html
- http://www.adobe.com/support/security/bulletins/apsb09-11.html
- http://www.adobe.com/support/security/bulletins/apsb09-11.html
- http://www.adobe.com/support/security/bulletins/apsb09-13.html
- http://www.adobe.com/support/security/bulletins/apsb09-13.html
- http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
- http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
- http://www.securityfocus.com/bid/35832
- http://www.securityfocus.com/bid/35832
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- http://www.us-cert.gov/cas/techalerts/TA09-286A.html
- http://www.us-cert.gov/cas/techalerts/TA09-286A.html
- http://www.vupen.com/english/advisories/2009/2034
- http://www.vupen.com/english/advisories/2009/2034
- http://www.vupen.com/english/advisories/2009/2232
- http://www.vupen.com/english/advisories/2009/2232
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581