Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution |
Information | |||
---|---|---|---|
Name | KB973882 | First vendor Publication | 2009-07-28 |
Vendor | Microsoft | Last vendor Modification | 2009-10-13 |
Severity (Vendor) | N/A | Revision | 4.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Microsoft is releasing this security advisory to provide information about our ongoing investigation into vulnerabilities in the public and private versions of Microsoft's Active Template Library (ATL). This advisory also provides guidance as to what developers can do to help ensure that the controls and components they have built are not vulnerable to the ATL issues; what IT Professionals and consumers can do to mitigate potential attacks that use the vulnerabilities; and what Microsoft is doing as part of its ongoing investigation into the issue described in this advisory. This security advisory will also provide a comprehensive listing of all Microsoft Security Bulletins and Security Updates related to the vulnerabilities in ATL. Microsoft's investigation into the private and public versions of ATL is ongoing, and we will release security updates and guidance as appropriate as part of the investigation process.

Microsoft is aware of security vulnerabilities in the public and private versions of ATL. The Microsoft ATL is used by software developers to create controls or components for the Windows platform. The vulnerabilities described in this Security Advisory and Microsoft Security Bulletin MS09-035 could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL. Components and controls created with the vulnerable version of ATL may be exposed to a vulnerable condition due to how ATL is used or due to issues in the ATL code itself.

Developer Guidance: Microsoft has corrected the issues in the public headers of ATL and released updates to the libraries in bulletin MS09-035 "Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution."
Microsoft strongly recommends that developers who have built controls or components with ATL take immediate action to evaluate their controls for exposure to a vulnerable condition and follow the guidance provided to create controls and components that are not vulnerable. For more information on the vulnerabilities and guidance to address issues in ATL, see MS09-035, "Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution."

IT Professional and Consumer Guidance: To help better protect customers while developers update their components and controls, Microsoft has developed a new defense-in-depth technology. This new defense-in-depth technology built into Internet Explorer helps to protect customers from future attacks using the Microsoft Active Template Library vulnerabilities described in this Advisory and Microsoft Security Bulletin MS09-035. To benefit from this new defense-in-depth technology, IT Professionals and consumers should immediately deploy the Internet Explorer Security Update offered in Microsoft Security Bulletin MS09-034, "Cumulative Security Update for Internet Explorer."

This security update includes a mitigation that prevents components and controls built using the vulnerable ATL from being exploited in Internet Explorer, as well as addressing multiple unrelated vulnerabilities. The new defense-in-depth protections offered in MS09-034 include updates to Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. These defense-in-depth protections monitor and help prevent the successful exploitation of all known public and private ATL vulnerabilities, including the vulnerabilities that could lead to bypassing ActiveX's kill bit security feature. These protections are designed to help protect customers from Web-based attacks.
Home User Guidance: To help better protect customers while developers update their components and controls, Microsoft has developed a new defense-in-depth technology. This new defense-in-depth technology built into Internet Explorer with the new update helps to protect customers from future attacks using the Microsoft Active Template Library vulnerabilities described in this Advisory and Microsoft Security Bulletin MS09-035. Home users signed up for Automatic Updates will receive the new Internet Explorer update automatically and do not have to take any further action. Home Users will automatically be better protected from future attacks against the vulnerabilities addressed in this Security Advisory and in Microsoft Security Bulletin MS09-035.

Mitigating Factors for Controls and Components built using vulnerable version of Microsoft's Active Template Library (ATL):
Updates related to ATL:
Update released on October 13, 2009
Updates released on August 25, 2009
Updates released on August 11, 2009
Updates released on July 28, 2009
Update released on July 14, 2009
General Information
Overview
Purpose of Advisory: This advisory was released to provide customers with initial notification of the publicly disclosed vulnerability. For more information, see the Workarounds, Mitigating Factors, and Suggested Actions sections of this security advisory.
Advisory Status: Advisory published.
Recommendation: Review the suggested actions and configure as appropriate.
This advisory discusses the following software.
Frequently Asked Questions
What is the scope of the advisory?
Will Microsoft release additional security updates related to this Security Advisory in the future?
Was the msvidctl vulnerability (MS09-032) related to this ATL update?
Will the Internet Explorer update (ms09-034) also protect against msvidctl attacks?
What is ATL?
What causes this threat in ATL?
What are the differences between the public and private versions of the Active Template Library?
The public version of the Active Template Library is distributed to customers through developer tools, such as Microsoft Visual Studio. Microsoft is providing an updated version of our public ATL through Microsoft Security Bulletin MS09-035.
Will the security vulnerabilities in ATL require Microsoft and third-party developers to issue security updates?
Microsoft is also providing guidance and is actively contacting major third-party developers to help them identify vulnerable controls and components. This may result in security updates for third party controls and components.

Frequently Asked Questions about Windows Live Services
How will the upgrade to Windows Live Messenger be distributed?
Why is Microsoft releasing the upgrade to Windows Live Messenger over the Windows Live Messenger service as well as providing downloads?
If this is an upgrade, how can I detect if I have a vulnerable version of Windows Live Messenger?
What happens if I do not upgrade to the most current version of Windows Live Messenger?
Are other Microsoft Real-Time Collaboration applications, like Windows Messenger or Office Communicator, affected by this vulnerability?
When did Microsoft remove the Windows Live Hotmail "Attach Photo" feature? Did it coincide with the launch of another new feature?
What is latest timetable for the "Attach Photo" feature to be fully restored to all Windows Live Hotmail users?

Frequently Asked Questions from Developers about the Visual Studio Update
What causes this threat in ATL?
What might an attacker use this vulnerability to do?
I am a third-party application developer and I use ATL in my component or control. Is my component or control vulnerable, and if so, how do I update it?
What does the Security Update for Visual Studio do?
The security update for Visual Studio updates the vulnerable version of the ATL used by Visual Studio. This allows Visual Studio users to modify and re-build their controls and components using an updated version of the ATL. Our investigation has shown that both Microsoft and third-party components and controls may be affected by this issue. Therefore, all affected vendors must modify, and rebuild, their components and controls using the corrected ATL provided in Microsoft Security Bulletin MS09-035.

Frequently Asked Questions from IT Professionals about what they can do to protect themselves
Does the IE update MS09-034 protect me from all components and controls that were built on the vulnerable version of ATL?
Microsoft is continuing to investigate all Microsoft controls and components and is helping third party developers evaluate their controls and components.
What action can an IT professional take to mitigate exposure to this issue?

Frequently Asked Questions about what Consumers can do to protect themselves
What action can consumers take to mitigate exposure to this issue?
Microsoft also encourages Home users to upgrade to Internet Explorer 8 to benefit from enhanced security and protections.

Frequently asked Questions about the mitigations in Internet Explorer Update
What causes this threat which could allow the bypass of ActiveX security?
The new defense in depth protections offered in MS09-034 include updates to Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8, that monitor and prevent the successful exploitation of all known public and private ATL vulnerabilities, including the vulnerabilities that could lead to bypassing the IE kill bit security feature. These protections are designed to protect customers from Web-based attacks.
What might an attacker use this function to do?
How could an Attacker use this function?
What is a kill bit?
For more information on kill bits, see Microsoft Knowledge Base Article 240797: How to stop an ActiveX control from running in Internet Explorer. For more detailed information on kill bits and how they function within Internet Explorer see the following Security Research and Defense blog post.
What does the update do?
Does this update change functionality?
Does this update contain additional software changes?
Does this update address all unsafe ActiveX control scenarios?
Microsoft is continuing to investigate this issue. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.
How does Protected Mode in Internet Explorer 7 and Internet Explorer 8 on Windows Vista and later protect me from this vulnerability?
What is Data Execution Prevention (DEP)?

Suggested Actions
Workarounds
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
You can help protect against this vulnerability by changing your settings for the Internet security zone to prompt before running ActiveX controls and Active Scripting. You can do this by setting your browser security to High. To raise the browsing security level in Microsoft Internet Explorer, follow these steps:
Note If no slider is visible, click Default Level, and then move the slider to High.

Note Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.

Impact of Workaround: There are side effects to prompting before running ActiveX controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX controls to provide menus, ordering forms, or even account statements. Prompting before running ActiveX controls or Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run ActiveX controls or Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Add sites that you trust to the Internet Explorer Trusted sites zone
After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone. To accomplish this, follow these steps:
Note Add any sites that you trust not to take malicious action on your computer. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
You can help protect against this vulnerability by changing your Internet Explorer settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:
Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

Impact of Workaround: There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".

Add sites that you trust to the Internet Explorer Trusted sites zone
After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone. To accomplish this, follow these steps:
Note Add any sites that you trust not to take malicious action on your computer. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/973882.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-200 | Information Exposure |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6245 | |||
Oval ID: | oval:org.mitre.oval:def:6245 | ||
Title: | ATL COM Initialization Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2493 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control |
Definition Id: oval:org.mitre.oval:def:6289 | |||
Oval ID: | oval:org.mitre.oval:def:6289 | ||
Title: | ATL Uninitialized Object Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0901 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control |
Definition Id: oval:org.mitre.oval:def:6304 | |||
Oval ID: | oval:org.mitre.oval:def:6304 | ||
Title: | ATL COM Initialization Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2493 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
Definition Id: oval:org.mitre.oval:def:6305 | |||
Oval ID: | oval:org.mitre.oval:def:6305 | ||
Title: | ATL Null String Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2495 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
Definition Id: oval:org.mitre.oval:def:6311 | |||
Oval ID: | oval:org.mitre.oval:def:6311 | ||
Title: | ATL Uninitialized Object Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0901 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
Definition Id: oval:org.mitre.oval:def:6363 | |||
Oval ID: | oval:org.mitre.oval:def:6363 | ||
Title: | Microsoft Video ActiveX Control Vulnerability | ||
Description: | Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0015 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control |
Definition Id: oval:org.mitre.oval:def:6373 | |||
Oval ID: | oval:org.mitre.oval:def:6373 | ||
Title: | ATL Uninitialized Object Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0901 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 |
Definition Id: oval:org.mitre.oval:def:6473 | |||
Oval ID: | oval:org.mitre.oval:def:6473 | ||
Title: | ATL COM Initialization Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2493 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 |
Definition Id: oval:org.mitre.oval:def:6478 | |||
Oval ID: | oval:org.mitre.oval:def:6478 | ||
Title: | ATL Null String Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2495 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 |
Definition Id: oval:org.mitre.oval:def:6621 | |||
Oval ID: | oval:org.mitre.oval:def:6621 | ||
Title: | ATL COM Initialization Vulnerability (CVE-2009-2493) | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2493 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:7573 | |||
Oval ID: | oval:org.mitre.oval:def:7573 | ||
Title: | ATL Null String Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2495 | Version: | 24 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
Definition Id: oval:org.mitre.oval:def:7581 | |||
Oval ID: | oval:org.mitre.oval:def:7581 | ||
Title: | ATL Uninitialized Object Vulnerability | ||
Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0901 | Version: | 35 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0 Windows Media Player 9 Windows Media Player 10 Windows Media Player 11 |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow | More info here |
Visual Studio Active Template Library uninitialized object | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-16 | Name : FreeBSD Ports: openoffice.org File : nvt/freebsd_openoffice.org.nasl |
2009-12-04 | Name : MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability File : nvt/gb_ms_ie_style_object_remote_code_exec_vuln.nasl |
2009-11-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl |
2009-10-14 | Name : Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525) File : nvt/secpod_ms09-055.nasl |
2009-10-14 | Name : MS ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965) File : nvt/secpod_ms09-060.nasl |
2009-08-14 | Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908) File : nvt/secpod_ms09-037.nasl |
2009-08-03 | Name : Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706) File : nvt/secpod_ms09-035.nasl |
2009-07-09 | Name : Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability File : nvt/gb_ms_video_actvx_bof_vuln_jul09.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56699 | Microsoft Visual Studio Active Template Library (ATL) String Manipulation Arb... |
56698 | Microsoft Visual Studio Active Template Library (ATL) Data Stream Object Inst... |
56696 | Microsoft Visual Studio Active Template Library (ATL) Headers VariantClear Co... |
55651 | Microsoft DirectShow Video Streaming ActiveX (msvidctl.dll) IMPEG2TuneRequest... A buffer overflow exists in Windows. The DirectShow ActiveX control fails to validate data passed to the IMPEG2TuneRequest interface resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-15 | IAVM : 2009-A-0097 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0021756 |
2009-08-13 | IAVM : 2009-A-0067 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0019882 |
2009-07-30 | IAVM : 2009-B-0033 - Multiple Vulnerabilities in Visual Studio Active Template Library Severity : Category II - VMSKEY : V0019798 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt RuleID : 20744 - Revision : 7 - Type : OS-WINDOWS |
2014-01-10 | Microsoft DirectShow 3 ActiveX exploit via JavaScript RuleID : 16602 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid unicode access RuleID : 16166 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 4 ActiveX clsid access RuleID : 16165 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid unicode access RuleID : 16164 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 3 ActiveX clsid access RuleID : 16163 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid unicode access RuleID : 16162 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 2 ActiveX clsid access RuleID : 16161 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid unicode access RuleID : 16160 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 1 ActiveX clsid access RuleID : 16159 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 6 ActiveX function call unicode access RuleID : 15905 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 6 ActiveX function call access RuleID : 15904 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding RuleID : 15679 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft DirectShow ActiveX exploit via JavaScript RuleID : 15678 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 9 ActiveX clsid unicode access RuleID : 15677 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 9 ActiveX clsid access RuleID : 15676 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 8 ActiveX clsid unicode access RuleID : 15675 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 8 ActiveX clsid access RuleID : 15674 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 7 ActiveX clsid unicode access RuleID : 15673 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 7 ActiveX clsid access RuleID : 15672 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 6 ActiveX function call RuleID : 15671 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 6 ActiveX clsid access RuleID : 15670 - Revision : 18 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 5 ActiveX clsid unicode access RuleID : 15669 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 5 ActiveX clsid access RuleID : 15668 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 45 ActiveX clsid unicode access RuleID : 15667 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 45 ActiveX clsid access RuleID : 15666 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 44 ActiveX clsid unicode access RuleID : 15665 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 44 ActiveX clsid access RuleID : 15664 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 43 ActiveX clsid unicode access RuleID : 15663 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 43 ActiveX clsid access RuleID : 15662 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 42 ActiveX clsid unicode access RuleID : 15661 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 42 ActiveX clsid access RuleID : 15660 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 41 ActiveX clsid unicode access RuleID : 15659 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 41 ActiveX clsid access RuleID : 15658 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 40 ActiveX clsid unicode access RuleID : 15657 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 40 ActiveX clsid access RuleID : 15656 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 4 ActiveX clsid unicode access RuleID : 15655 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 4 ActiveX clsid access RuleID : 15654 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 39 ActiveX clsid unicode access RuleID : 15653 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 39 ActiveX clsid access RuleID : 15652 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 38 ActiveX clsid unicode access RuleID : 15651 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 38 ActiveX clsid access RuleID : 15650 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 37 ActiveX clsid unicode access RuleID : 15649 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 37 ActiveX clsid access RuleID : 15648 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 36 ActiveX clsid unicode access RuleID : 15647 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 36 ActiveX clsid access RuleID : 15646 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 35 ActiveX clsid unicode access RuleID : 15645 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 35 ActiveX clsid access RuleID : 15644 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 34 ActiveX clsid unicode access RuleID : 15643 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 34 ActiveX clsid access RuleID : 15642 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 33 ActiveX clsid unicode access RuleID : 15641 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 33 ActiveX clsid access RuleID : 15640 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 32 ActiveX clsid unicode access RuleID : 15639 - Revision : 10 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 32 ActiveX clsid access RuleID : 15638 - Revision : 18 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 31 ActiveX clsid unicode access RuleID : 15637 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 31 ActiveX clsid access RuleID : 15636 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 30 ActiveX clsid unicode access RuleID : 15635 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 30 ActiveX clsid access RuleID : 15634 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 3 ActiveX clsid unicode access RuleID : 15633 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 3 ActiveX clsid access RuleID : 15632 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 29 ActiveX clsid unicode access RuleID : 15631 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 29 ActiveX clsid access RuleID : 15630 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 28 ActiveX clsid unicode access RuleID : 15629 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 28 ActiveX clsid access RuleID : 15628 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 27 ActiveX clsid unicode access RuleID : 15627 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 27 ActiveX clsid access RuleID : 15626 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 26 ActiveX clsid unicode access RuleID : 15625 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 26 ActiveX clsid access RuleID : 15624 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 25 ActiveX clsid unicode access RuleID : 15623 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 25 ActiveX clsid access RuleID : 15622 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 24 ActiveX clsid unicode access RuleID : 15621 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 24 ActiveX clsid access RuleID : 15620 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 23 ActiveX clsid unicode access RuleID : 15619 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 23 ActiveX clsid access RuleID : 15618 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 22 ActiveX clsid unicode access RuleID : 15617 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 22 ActiveX clsid access RuleID : 15616 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 21 ActiveX clsid unicode access RuleID : 15615 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 21 ActiveX clsid access RuleID : 15614 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 20 ActiveX clsid unicode access RuleID : 15613 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 20 ActiveX clsid access RuleID : 15612 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 2 ActiveX clsid unicode access RuleID : 15611 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 2 ActiveX clsid access RuleID : 15610 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 19 ActiveX clsid unicode access RuleID : 15609 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 19 ActiveX clsid access RuleID : 15608 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 18 ActiveX clsid unicode access RuleID : 15607 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 18 ActiveX clsid access RuleID : 15606 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 17 ActiveX clsid unicode access RuleID : 15605 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 17 ActiveX clsid access RuleID : 15604 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 16 ActiveX clsid unicode access RuleID : 15603 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 16 ActiveX clsid access RuleID : 15602 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 15 ActiveX clsid unicode access RuleID : 15601 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 15 ActiveX clsid access RuleID : 15600 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 14 ActiveX clsid unicode access RuleID : 15599 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 14 ActiveX clsid access RuleID : 15598 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 13 ActiveX clsid unicode access RuleID : 15597 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 13 ActiveX clsid access RuleID : 15596 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 12 ActiveX clsid unicode access RuleID : 15595 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 12 ActiveX clsid access RuleID : 15594 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 11 ActiveX clsid unicode access RuleID : 15593 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 11 ActiveX clsid access RuleID : 15592 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 10 ActiveX clsid unicode access RuleID : 15591 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 10 ActiveX clsid access RuleID : 15590 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Video 1 ActiveX clsid unicode access RuleID : 15589 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Video 1 ActiveX clsid access RuleID : 15588 - Revision : 13 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-6386.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c97d7a37223311df96dd001b2134ef46.nasl - Type : ACT_GATHER_INFO |
2010-02-12 | Name : The remote Windows host has a program affected by multiple buffer overflows. File : openoffice_32.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO |
2009-12-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12564.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-072.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO |
2009-10-14 | Name : Arbitrary code can be executed on the remote host through Microsoft Office Ac... File : smb_nt_ms09-060.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : The remote Windows host has multiple ActiveX controls that are affected by mu... File : smb_nt_ms09-055.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_flash-player-6387.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_flash-player-090731.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-037.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_flash-player-090731.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_flash-player-090731.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-035.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb09_10.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Windows host contains an Internet Explorer plugin which uses a vul... File : shockwave_player_apsb09_11.nasl - Type : ACT_GATHER_INFO |
2009-07-07 | Name : The remote Windows host is missing a security update containing ActiveX kill ... File : smb_kb_972890.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 00:46:47 | |