Executive Summary
Summary | |
---|---|
Title | Active Template Library (ATL) Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20090728-activex | First vendor Publication | 2009-07-26 |
Vendor | Cisco | Last vendor Modification | 2009-07-28 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site. Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml |