Microsoft Windows Active Template Library (ATL) Multiple Vulnerabilities( 12 August 2009 )
RISK: Medium Risk
1. Microsoft Video ActiveX Control Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to the function CComVariant::ReadFromStream used in the ATL header. This function does not properly restrict untrusted data read from a stream. This issue leads to reading data directly onto the stack instead of reading it into the area of memory allocated for an array, which could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
2. ATL Header Memcopy Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to an error in the Load method of the IPersistStreamInit interface. The Load method could allow calls to memcopy with untrusted data, which could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
3. ATL Uninitialized Object Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to a bug in the ATL headers that could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized. Because of this bug, the attacker can control what happens when VariantClear is called during handling of an error by supplying a corrupt stream. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. This vulnerability could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
4. ATL COM Initialization Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to bugs in the ATL headers that handle instantiation of an object from data streams. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. For components and controls built using ATL, unsafe usage of OleLoadFromStream could allow the instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. This vulnerability could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
5. ATL Object Type Mismatch Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to a bug in the ATL header that could allow reading a variant from a stream and leaving the variant type read with an invalid variant. When deleting the variant, it is possible to free unintended areas in memory that could be controlled by an attacker.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Microsoft Outlook Express 5.5
- Microsoft Outlook Express 6
- Windows Media Player 9
- Windows Media Player 10
- Windows Media Player 11
- Windows ATL Component
- DHTML Editing Component ActiveX Control
- Microsoft MSWebDVD ActiveX Control
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Windows 2000 Service Pack 4
- Microsoft Outlook Express 5.5 Service Pack 2 (KB973354)
- Microsoft Outlook Express 6 Service Pack 1 (KB973354)
- Windows Media Player 9 (KB973540)
- Windows ATL Component (KB973507)
- DHTML Editing Component ActiveX Control (KB973869) - Windows XP Service Pack 2 and Windows XP Service Pack 3
- Microsoft Outlook Express 6 (KB973354) - Windows XP Service Pack 2
- Windows Media Player 9, Windows Media Player 10, and Windows Media Player 11 (KB973540) - Windows XP Service Pack 3
- Windows Media Player 9 (KB973540)
- Windows Media Player 10, and Windows Media Player 11 (KB973540) - Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows ATL Component (KB973507)
- DHTML Editing Component ActiveX Control (KB973869)
- Microsoft MSWebDVD ActiveX Control (KB973815) - Windows XP Professional x64 Edition Service Pack 2
- Microsoft Outlook Express 6 (KB973354)
- Windows Media Player 10 (KB973540)
- Windows Media Player 11 (KB973540)
- Windows ATL Component (KB973507)
- DHTML Editing Component ActiveX Control (KB973869)
- Microsoft MSWebDVD ActiveX Control (KB973815) - Windows Server 2003 Service Pack 2
- Microsoft Outlook Express 6 (KB973354)
- Windows Media Player 10 (KB973540)
- Windows ATL Component (KB973507)
- DHTML Editing Component ActiveX Control (KB973869)
- Microsoft MSWebDVD ActiveX Control (KB973815) - Windows Server 2003 x64 Edition Service Pack 2
-Microsoft Outlook Express 6 (KB973354)
-Windows Media Player 10 (KB973540)
-Windows ATL Component (KB973507)
-DHTML Editing Component ActiveX Control (KB973869)
-Microsoft MSWebDVD ActiveX Control (KB973815) - Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Outlook Express 6 (KB973354)
- Windows ATL Component (KB973507)
- DHTML Editing Component ActiveX Control (KB973869)
- Microsoft MSWebDVD ActiveX Control (KB973815) - Windows Vista
-Windows Media Player 11 (KB973540) - Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows Media Player 11 (KB973540) - Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows ATL Component (KB973507) - Windows Vista x64 Edition, Windows Vista
- Windows Media Player 11 (KB973540) - Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Windows Media Player 11 (KB973540) - Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Windows ATL Component (KB973507) - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Media Player 11 (KB973540)
- Windows ATL Component (KB973507) - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Media Player 11 (KB973540)
- Windows ATL Component (KB973507) - Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows ATL Component (KB973507)
Vulnerability Identifier
Source
Related Link
Share with