CVE-2009-2495Sensitive Information Exposure in Microsoft Visual C

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.8HIGHNVD
EPSS
45.7%
top 2.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Visual CMicrosoft Visual StudioMicrosoft Visual Studio NET
Timeline
PublishedJul 29
Latest updateMay 2

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

NVDmicrosoft/visual_studio2005, 2008+1
NVDmicrosoft/visual_c2005, 2008+1

🔴Vulnerability Details

2
GHSA
GHSA-w98q-7wf3-vg43: The Active Template Library (ATL) in Microsoft Visual Studio2022-05-02
CVEList
CVE-2009-2495: The Active Template Library (ATL) in Microsoft Visual Studio2009-07-29
CVE-2009-2495 — Sensitive Information Exposure | cvebase