SUN-264648

Executive Summary

Summary
Title	Sun Alert 264648 Security Vulnerability in the Active Template Library in Various Releases of Microsoft Visual Studio Used by the Java Web Start ActiveX Control May Be Leveraged to Execute Arbitrary Code

Informations
Name	SUN-264648	First vendor Publication	2009-08-04
Vendor	Sun	Last vendor Modification	2010-01-20
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Java Standard Edition (Java SE)

A security vulnerability in the Active TemplateLibrary (ATL) in various releases of Microsoft Visual Studio that isused by the Java Web Start ActiveX control may allow the Java Web StartActiveX control to be leveraged to execute arbitrary code. This mayoccur as the result of a user of the Java Runtime Environment viewing aspecially crafted web page that exploits this vulnerability.

Note: The Java Runtime Environment includes the Java Web Start technologywhich uses the Java Web Start ActiveX control to launch Java Web Startin Internet Explorer.

Sun acknowledges with thanks, Microsoft Vulnerability Research (MSVR)for bringing this issue to our attention, and David Dewey of IBMISS-X-Force and Ryan Smith of Verisign iDefense Labs for reporting theissues to Microsoft. For more information, see the following:

http://www.microsoft.com/technet/security/advisory/973882.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

This issue is referenced in the following document:

CVE-2009-2493 at http://www.security-database.com/detail.php?cve=CVE-2009-2493

State: Resolved

First released: 04-Aug-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_264648_security_vulnerability

CWE : Common Weakness Enumeration

id	Name
CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6716

Oval ID:	oval:org.mitre.oval:def:6716
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	23
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Internet Explorer Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control HtmlInput Object ActiveX Control
Definition Synopsis:
Internet Explorer 5.01 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Internet Explorer 5.01 SP4 is installed AND Mshtml.dll version is less than 5.0.3882.2700 OR Check for vulnerable Internet Explorer 6 Microsoft Internet Explorer 6 is installed AND Check for vulnerable OS Check for vulnerable Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Mshtml.dll version is less than 6.0.2800.1642 OR Check for vulnerable Windows XP (x86) SP2 Microsoft Windows XP (x86) SP2 is installed AND Mshtml.dll version is less than 6.0.2900.3640 OR Check for vulnerable Windows XP (x86) SP3 Microsoft Windows XP (x86) SP3 is installed AND Mshtml.dll version is less than 6.0.2900.5897 OR Check for vulnerable OS Check for vulnerable Windows XP x64 SP2/Windows Server 2003 SP2 (x86)/(x64)/(ia64) Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Mshtml.dll version is less than 6.0.3790.4611 OR Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 OR Microsoft Visio Viewer 2002 Microsoft Visio Viewer 2002 is installed OR Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000 OR Microsoft Windows OS and Vulnerable ActiveX OS Check Microsoft Windows 2000 SP4 or later is installed AND Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Vulnerable ActiveX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags is not equal to 0x00000400 OR Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 OR Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148 OR Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP SP2 x86 Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND Check for affected platforms with vulnerable file Check for Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Check for Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Check for Windows XP SP2 (64-bit) and 2003 x86/x64/ia64 OS Check Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 SP4 (KB973540) Microsoft Windows 2000 SP4 or later is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP SP2 x86 (KB973540) Microsoft Windows XP (x86) SP2 is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP SP3 x86 (KB973540) Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.4507 AND Wmpdxm.dll version is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP SP2/SP3 x86/x64, Server 2003 SP2 x86/x64 (KB973540) Windows Media Player v10 is installed. AND Check for affected platforms with vulnerable file Check for Windows XP SP2/SP3 OS check Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND file checks the version of Wmp.dll is less than 10.0.0.4074 AND Wmpdxm.dll version is less than 10.0.0.4074 OR Check for Windows XP x64 SP2, Windows Server 2003 x64 SP2 OS Check Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND file checks the version of Wwmp.dll is less than 10.0.0.4006 AND Wwmpdxm.dll version is less than 10.0.0.4006 OR Check for Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND file checks the version of Wmp.dll is less than 10.0.0.4006 AND Wmpdxm.dll version is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP x86 SP2/SP3, XP x64 SP2 (KB973540) OS Check Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND Windows Media Player v11 is installed. AND file checks the version of Wmp.dll is less than 11.0.5721.5268 AND Wmpdxm.dll version is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows Vista 32-bit/64-bit RTM (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check the version of Wmp.dll is less than 11.0.6000.6352 AND Wmpdxm.dll version is less than 11.0.6000.6352 OR LDR version check the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND file checks the version of Wmp.dll is less than 11.0.6000.6511 AND Wmpdxm.dll version is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista 32/64-bit SP1, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check the version of Wmp.dll is less than 11.0.6001.7007 AND Wmpdxm.dll version is less than 11.0.6001.7007 OR LDR version check the version of Spwmp.dll is greater than or equal 6.0.6001.22000 AND file checks the version of Wmp.dll is less than 11.0.6001.7114 AND Wmpdxm.dll version is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista 32/64-bit SP2, Server 2008 32/64-bit SP2 (KB973540) OS Check Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check the version of Wmp.dll is less than 11.0.6002.18065 AND Wmpdxm.dll version is less than 11.0.6002.18065 OR LDR version check the version of Spwmp.dll is greater than or equal 6.0.6002.22000 AND file checks the version of Wmp.dll is less than 11.0.6002.22172 AND Wmpdxm.dll version is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 OS Check Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 OS Check Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit OS Check Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x64, Server 2003 x86/x64 OS Check Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check for windows Vista X86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GRD/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6000.16891 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6000.20000 AND the version of Ehkeyctl.dll is less than 6.0.6000.21090 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista SP1 OS Check Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND GDR/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6001.18295 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6001.22000 AND the version of Ehkeyctl.dll is less than 6.0.6001.22476 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista SP2 OS check Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND GDR/LDR version check the version of Ehkeyctl.dll is less than 6.0.6002.18072 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6002.22000 AND the version of Ehkeyctl.dll is less than 6.0.6002.22181

Definition Id: oval:org.mitre.oval:def:6621

Oval ID:	oval:org.mitre.oval:def:6621
Title:	ATL COM Initialization Vulnerability (CVE-2009-2493)
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	1
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
IF Microsoft Windows 2000 SP4 or later is installed AND Microsoft Internet Explorer 5.01 SP4 is installed AND Mshtml.dll version is less than 5.0.3882.2700 OR Microsoft Windows 2000 SP4 or later is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2800.1642 OR Microsoft Windows XP (x86) SP2 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.3640 OR Microsoft Windows XP (x86) SP3 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.5897 OR IF Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4611

Definition Id: oval:org.mitre.oval:def:6473

Oval ID:	oval:org.mitre.oval:def:6473
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	2
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007
Definition Synopsis:
Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 OR Microsoft Visio Viewer 2002 Microsoft Visio Viewer 2002 is installed OR Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000

Definition Id: oval:org.mitre.oval:def:6421

Oval ID:	oval:org.mitre.oval:def:6421
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	2
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):
Definition Synopsis:
IF Microsoft Windows 2000 SP4 or later is installed AND Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags is not equal to 0x00000400

Definition Id: oval:org.mitre.oval:def:6304

Oval ID:	oval:org.mitre.oval:def:6304
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	10
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package
Definition Synopsis:
Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 Service Pack 1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 OR Microsoft Visual Studio 2008 Service Pack 1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148

Definition Id: oval:org.mitre.oval:def:6245

Oval ID:	oval:org.mitre.oval:def:6245
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control
Definition Synopsis:
Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Microsoft Outlook Express 6 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Microsoft Outlook Express 6 on Windows XP SP2 (64-bit) Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 AND Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (ia64) Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3271 OR Windows Media Player 9 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4074 OR Windows Media Player 10 on Windows XP SP2 (x64-bit) Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 10 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 10 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows XP SP2 (x64-bit) Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.16000 AND the version of Wmp.dll is less than 11.0.6000.6352 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.18000 AND the version of Wmp.dll is less than 11.0.6001.7007 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.18000 AND the version of Wmp.dll is less than 11.0.6002.18065 OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND the version of Wmp.dll is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.22000 AND the version of Wmp.dll is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.22000 AND the version of Wmp.dll is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit IF Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x64, Server 2003 x86/x64 IF Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Visual C++ cpe:/a:microsoft:visual_c++:2008:redistribution_pkg cpe:/a:microsoft:visual_c++:2008:sp1_redistribution_pkg cpe:/a:microsoft:visual_c++:2005:sp1_redistribution_pkg	3
Application	Microsoft Visual Studio cpe:/a:microsoft:visual_studio:2008:sp1 cpe:/a:microsoft:visual_studio:2008 cpe:/a:microsoft:visual_studio:2005:sp1 cpe:/a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c++_tools	4
Application	Microsoft Visual Studio .Net cpe:/a:microsoft:visual_studio_.net:2003:sp1	1

Open Source Vulnerability Database (OSVDB)

id	Description
56698	Microsoft Visual Studio Active Template Library (ATL) Data Stream Object Inst...

Type	Count
Oval ID(s)	6
CPE ID(s)	8
osvdb(s)	1

Related	Severity
MS09-035	(Critical)
KB973882	(Critical)
CVE-2009-2493	(Critical)

Same Subject	Severity
Login to view 26 more Alert(s)

SUN-264648

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU