Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-2495

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

Related bugs and status

CVE-2009-2495 (Candidate) is related to these bugs:

Bug #408203: APSB09-10 update to Adobe Reader 9.1.3

Summary				In	Importance	Status
	408203	APSB09-10 update to Adobe Reader 9.1.3		Ubuntu Japanese Kaizen Project	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

VUPEN: ADV-2009-2034
CONFIRM: http://www.adobe.com/s...
SECUNIA: 36374
CONFIRM: http://www.adobe.com/s...
SUNALERT: 266108
CERT: TA09-195A
CERT: TA09-286A
SECUNIA: 36746
SECUNIA: 35967
CONFIRM: http://www.novell.com/...
HP: HPSBMA02488
HP: SSRT100013
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
MS: MS09-035
MS: MS09-060