CVE-2009-2493

CWE-2644 documents4 sources
Severity
9.3CRITICAL
EPSS
42.1%
top 2.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Visual C\+\+Microsoft Visual Studio
Timeline
PublishedJul 29
Latest updateMay 2

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/visual_studio2003, 2005, 2008+2
NVDmicrosoft/visual_c\+\+2005, 2008+1

Patches

Patch: www.adobe.comPatch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-xrpm-74v3-f6fq: The Active Template Library (ATL) in Microsoft Visual Studio2022-05-02
CVEList
CVE-2009-2493: The Active Template Library (ATL) in Microsoft Visual Studio2009-07-29
VulnCheck
Microsoft Active Template Library (ATL) COM Initialization Vulnerability2009
CVE-2009-2493 (CRITICAL CVSS 9.3) | The Active Template Library (ATL) i | cvebase.io