CVE-2009-0901: CVE-2009-0901

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-0901

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Visual Studio ATL VariantClear()远程代码执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Visual Studio是微软公司的开发工具套件系列产品，是一个基本完整的开发工具集，包括了软件整个生命周期中所需要的大部分工具。 ATL头中的安全漏洞可能允许攻击者使用没有正确初始化的变量调用VariantClear()，因此攻击者可以通过提供被破坏的数据流控制出错处理期间调用VariantClear时所出现的情况。这个漏洞仅直接影响安装了使用Visual Studio ATL所编译的组件和控件的系统。攻击者可以通过创建特制的网页来利用这个漏洞，当用户查看网页时，该漏洞可能允许远

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-0901

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-0901

Please Login to view more intelligence information

http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspxx_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/bulletins/apsb09-11.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/advisories/apsa09-04.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlx_refsource_CONFIRM
http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1x_refsource_CONFIRM
http://secunia.com/advisories/36187third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/35967third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36746third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/35832vdb-entryx_refsource_BID
http://secunia.com/advisories/36374third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1vendor-advisoryx_refsource_SUNALERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlthird-party-advisoryx_refsource_CERT
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/2232vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/2034vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2009-0901

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2009-0901

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2009-0901

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-0901

III. Intelligence Information for CVE-2009-0901

New Vulnerabilities

V. Comments for CVE-2009-0901

Leave a comment