Microsoft Windows ATL COM Initialization Vulnerability( 14 October 2009 )

Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 5460 Views

RISK: Medium Risk

Medium Risk

A remote code execution vulnerability exists in the Microsoft ActiveX controls listed in the FAQ section of this vulnerability, which were compiled using the vulnerable Microsoft Active Template Library described in Microsoft Security Bulletin MS09-035. An attacker could exploit the vulnerability in these controls by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows CryptoAPI Multiple Vulnerabilities( 14 October 2009 )

14 Oct 2009 5370 Views

Next

Microsoft Office ATL ActiveX Controls Multiple Vulnerabilities( 14 October 2009 )

14 Oct 2009 5350 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY