Zurück zur CVE-Übersicht
CVE-2009-2495
MEDIUM(6.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Risk Signal Score36/100 — MITTEL
- CVSS 6.5 — Mittel
- EPSS 66%
EPSS-Score
66%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.5
Technische Schwere
Beschreibung
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Referenzen
- http://marc.info/?l=bugtraq&m=126592505426855&w=2
- http://secunia.com/advisories/35967
- http://secunia.com/advisories/36374
- http://secunia.com/advisories/36746
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
- http://www.adobe.com/support/security/bulletins/apsb09-10.html
- http://www.adobe.com/support/security/bulletins/apsb09-13.html
- http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- http://www.us-cert.gov/cas/techalerts/TA09-286A.html