10 - CVE-2009-2494

Executive Summary

Informations
Name	CVE-2009-2494	First vendor Publication	2009-08-12
Vendor	Cve	Last vendor Modification	2025-01-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2494

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5708

Oval ID:	oval:org.mitre.oval:def:5708
Title:	ATL Object Type Mismatch Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2494	Version:	16
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control HtmlInput Object ActiveX Control
Definition Synopsis:
Microsoft Outlook Express 5.5 SP2 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP x86 Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND Check for affected platforms with vulnerable file Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Check for Windows XP (64-bit) and 2003 x86/x64/ia64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 (KB973540) Microsoft Windows 2000 is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks Wmp.dll version is less than 9.0.0.4507 AND Wmpdxm.dll version is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP x86/x64, Server 2003 x86/x64 (KB973540) Windows Media Player v10 is installed. AND Check for affected platforms with vulnerable file Check for Windows XP Microsoft Windows XP (32-bit) is installed AND file checks Wmp.dll version is less than 10.0.0.4074 AND Wmpdxm.dll version is less than 10.0.0.4074 OR Check for Windows XP x64, Windows Server 2003 x64 OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND file checks the version of Wwmp.dll is less than 10.0.0.4006 AND Wwmpdxm.dll version is less than 10.0.0.4006 OR Check for Windows Server 2003 x86 Microsoft Windows Server 2003 (32-bit) is installed AND file checks the version of Wmp.dll is less than 10.0.0.4006 AND Wmpdxm.dll version is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP x86/x64 (KB973540) OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Windows Media Player v11 is installed. AND file checks Wmp.dll version is less than 11.0.5721.5268 AND Wmpdxm.dll version is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows Vista 32-bit/64-bit RTM (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check the version of Wmp.dll is less than 11.0.6000.6352 AND Wmpdxm.dll version is less than 11.0.6000.6352 OR LDR version check the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND file checks the version of Wmp.dll is less than 11.0.6000.6511 AND Wmpdxm.dll version is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6001.7007 AND Wmpdxm.dll version is less than 11.0.6001.7007 OR LDR version check Spwmp.dll version is greater than or equal to 6.0.6001.22000 AND file checks Wmp.dll version is less than 11.0.6001.7114 AND Wmpdxm.dll version is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6002.18065 AND Wmpdxm.dll version is less than 11.0.6002.18065 OR LDR version check Spwmp.dll version is greater than or equal 6.0.6002.22000 AND file checks Wmp.dll version is less than 11.0.6002.22172 AND Wmpdxm.dll version is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 Microsoft Windows 2000 is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows XP x64 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 Microsoft Windows 2000 is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP x64, Server 2003 x86/x64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) Gold is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check for windows Vista X86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GRD/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6000.16891 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6000.20000 AND the version of Ehkeyctl.dll is less than 6.0.6000.21090 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6001.18295 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6001.22000 AND the version of Ehkeyctl.dll is less than 6.0.6001.22476 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version check the version of Ehkeyctl.dll is less than 6.0.6002.18072 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6002.22000 AND the version of Ehkeyctl.dll is less than 6.0.6002.22181

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000:-:sp4::::::	1
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::* cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:::::* cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*	6
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::* cpe:2.3:o:microsoft:windows_vista:::::::: cpe:2.3:o:microsoft:windows_vista:-:sp1:::::: cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	5
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::* cpe:2.3:o:microsoft:windows_xp:-:sp2:::::: cpe:2.3:o:microsoft:windows_xp:-:sp3::::::	3

SAINT Exploits

Description	Link
Visual Studio Active Template Library object type mismatch vulnerability	More info here

ExploitDB Exploits

id	Description
2010-04-30	Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

OpenVAS Exploits

Date	Description
2009-08-14	Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908) File : nvt/secpod_ms09-037.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
56910	Microsoft Visual Studio Active Template Library (ATL) Header Mismatch Remote ...

Information Assurance Vulnerability Management (IAVM)

Date	Description
2009-08-13	IAVM : 2009-A-0067 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0019882

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Video 6 ActiveX function call unicode access RuleID : 15905 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 6 ActiveX function call access RuleID : 15904 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 6 ActiveX function call RuleID : 15671 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 6 ActiveX clsid access RuleID : 15670 - Revision : 18 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 32 ActiveX clsid unicode access RuleID : 15639 - Revision : 10 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 32 ActiveX clsid access RuleID : 15638 - Revision : 18 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date	Description
2009-08-11	Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-037.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve...
http://osvdb.org/56910
http://secunia.com/advisories/36187
http://www.securityfocus.com/bid/35982
http://www.securitytracker.com/id?1022712
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
http://www.vupen.com/english/advisories/2009/2232
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2025-01-21 21:21:13	Multiple Updates
2024-11-28 23:10:40	Multiple Updates
2024-11-28 12:19:26	Multiple Updates
2023-12-07 21:28:05	Multiple Updates
2021-05-04 12:09:50	Multiple Updates
2021-04-22 01:10:10	Multiple Updates
2020-05-23 00:24:03	Multiple Updates
2019-02-26 17:19:32	Multiple Updates
2018-10-31 00:19:57	Multiple Updates
2018-10-13 00:22:50	Multiple Updates
2017-09-19 09:23:18	Multiple Updates
2016-09-30 01:02:07	Multiple Updates
2016-08-31 12:01:50	Multiple Updates
2016-06-28 17:46:09	Multiple Updates
2016-04-26 18:58:44	Multiple Updates
2014-02-17 10:50:49	Multiple Updates
2014-01-19 21:26:01	Multiple Updates
2013-11-11 12:38:21	Multiple Updates
2013-05-10 23:54:00	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	16
Sources(s)	9
Saint Exploit(s)	1
osvdb(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	1
IAVM(s)	1
Snort® Rule(s)	6
Nessus® Exploit(s)	1

	Related
10	TA09-223A
10	MS09-037
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)