Executive Summary

Title Active Template Library (ATL) Vulnerability
Name cisco-sa-20090728-activex First vendor Publication 2009-07-26
Vendor Cisco Last vendor Modification 2009-07-28
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores


Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml