VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

VRDA-090729-002 ( CVE-2009-0901 | CVE-2009-2493 | CVE-2009-2495 | JVNTA09-209A )

Visual Studio の Active Template Library の脆弱性により、リモートでコードが実行される

http://www.microsoft.com/japan/technet/security/bulletin/MS09-035.mspx

このセキュリティ更新プログラムは、責任ある開示方法で報告された Visual Studio に含まれている、パブリックバージョンの Microsoft Active Template Library (ATL) のいくつかの脆弱性を解決します。このセキュリティ更新プログラムは、特にコンポーネントおよびコントロールの開発者に向けられたものです。ATL を使用してコンポーネントおよびコントロールを作成、配布する開発者はこのセキュリティ情報で提供している更新プログラムをインストールし、このセキュリティ情報で説明している脆弱性の影響を受けないコンポーネントおよびコントロールを作成するためのガイダンスに従い、お客様に配布する必要があります。

About This Analysis Information

Analysis Information Provider:

JPCERT/CC

First Published:

2009-07-29

Source Information Category:

Advisory, Alert

Last Updated:

2009-07-29

Affected Product Tags

cpe:/a:microsoft:visual_c%2B%2B (Microsoft visual_c++)

cpe:/a:microsoft:visual_studio (Microsoft visual_studio)

Vulnerability Analysis Results

[Information Source Reliability]^[?]

Low^[?]

Medium^[?]

High^[?]

[Impact Level]^[?]

Low^[?]

Low-Medium^[?]

Medium-High^[?]

High^[?]

[Access Required]^[?]

Physical^[?]

Local^[?]

Non-routed^[?]

Routed^[?]

[Authentication]^[?]

Privileged^[?]

Standard^[?]

Limited^[?]

None or Unnecessary^[?]

[User Interaction Required]^[?]

Complex^[?]

Simple^[?]

None^[?]

[Technical Difficulty]^[?]

High^[?]

Medium-High^[?]

Low-Medium^[?]

Low^[?]

[Availability of Remediation]^[?]

Official Patch^[?]

Official Workaround^[?]

Unofficial Patch^[?]

None^[?]

[Incident Activity]^[?]

None^[?]

Exploit or PoC^[?]

Activity Observed^[?]

Alternatives

Common Vulnerabilities and Exposures (CVE) CVE-2009-0901

Common Vulnerabilities and Exposures (CVE) CVE-2009-2493

Common Vulnerabilities and Exposures (CVE) CVE-2009-2495

JVN JVNTA09-209A Microsoft Windows、Internet Explorer および Active Template Library (ATL) における脆弱性

マイクロソフトから緊急 1件を含む定例外の各製品向けの更新プログラムが公開されました。

References

Adobe Security bulletin APSA09-04 Security advisory for Adobe Flash Player

Adobe Flash Player 9.0.159.0 and 10.0.22.87, and earlier 9.x and 10.x versions installed on Windows operating systems for use with Internet Explorer leverage a vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882).

Adobe Security bulletin APSB09-11 Security update available for Shockwave Player

Adobe Shockwave Player 11.5.0.600 and earlier versions on Windows leverages a vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882).

Cisco Security Advisory cisco-sa-20090728-activex cisco-sa-20090728-activex

Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution.