Microsoft Office ATL ActiveX Controls Multiple Vulnerabilities( 14 October 2009 )
RISK: Medium Risk
1. ATL Uninitialized Object Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to an issue in the ATL headers that could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized. Because of this, the attacker can control what happens when VariantClear is called during handling of an error by supplying a corrupt stream. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. This issue could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
2. ATL COM Initialization Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to issues in the ATL headers that handle instantiation of an object from data streams. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. For components and controls built using ATL, unsafe usage of OleLoadFromStream could allow the instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. This issue could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
3. ATL Null String Vulnerability
An information disclosure vulnerability exists in the Microsoft Active Template Library (ATL) that could allow a string to be read without a terminating NULL character. An attacker could manipulate this string to read extra data beyond the end of the string and thus disclose information in memory. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. An attacker who successfully exploited this vulnerability could run a malicious component or control that could disclose information, forward user data to a third party, or access any data on the affected systems that was accessible to the logged-on user. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office XP
- Microsoft Office 2003
- 2007 Microsoft Office System
- Microsoft Outlook 2002
- Microsoft Office Outlook 2003
- Microsoft Office Outlook 2007
- Microsoft Visio 2002 Viewer
- Microsoft Office Visio 2003 Viewer
- Microsoft Office Visio Viewer 2007
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office XP Service Pack 3
- Microsoft Outlook 2002 Service Pack 3 (KB973702) - Microsoft Office 2003 Service Pack 3
- Microsoft Office Outlook 2003 Service Pack 3 (KB973705) - 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2
- Microsoft Office Outlook 2007 Service Pack 1 and Microsoft Office Outlook 2007 Service Pack 2 (KB972363) - Microsoft Visio 2002 Viewer
- Microsoft Office Visio 2003 Viewer
- Microsoft Office Visio Viewer 2007, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2 (KB973709)
Vulnerability Identifier
Source
Related Link
Share with