CVE-2009-2493: CVE-2009-2493

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-2493

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Visual Studio ATL库COM对象初始化代码执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Visual Studio是微软公司的开发工具套件系列产品，是一个基本完整的开发工具集，包括了软件整个生命周期中所需要的大部分工具。使用Visual Studio的ATL库所编译的组件和控件没有安全地使用OleLoadFromStream，可能允许实例化任意对象，绕过Internet Explorer中Kill Bit等相关安全策略。这个漏洞仅直接影响安装了使用Visual Studio ATL所编译的组件和控件的系统。攻击者可以通过创建特制的网页来利用这个漏洞，当用户查看网页时，

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-2493

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-2493

Please Login to view more intelligence information

http://www.adobe.com/support/security/bulletins/apsb09-13.htmlx_refsource_CONFIRM
http://www.openoffice.org/security/cves/CVE-2009-2493.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/bulletins/apsb09-11.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/advisories/apsa09-04.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlx_refsource_CONFIRM
http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1x_refsource_CONFIRM
http://secunia.com/advisories/35967third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36187third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/38568third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36746third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36374third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1vendor-advisoryx_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1vendor-advisoryx_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1vendor-advisoryx_refsource_SUNALERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA09-342A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlthird-party-advisoryx_refsource_CERT
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/2034vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/2232vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0366vdb-entryx_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.htmlvendor-advisoryx_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2009-2493

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-2493

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2009-2493

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-2493

III. Intelligence Information for CVE-2009-2493

IV. Related Vulnerabilities

V. Comments for CVE-2009-2493

Leave a comment