2009-0901 | Microsoft Visual Studio Error code injection (BID-35832 / XFDB-51042)


CVSS Meta Temp Score: 10.0
Current Exploit Price (≈): $5k-$25k
CTI Interest Score: 0.06

A vulnerability was found in Microsoft Visual Studio (Programming Tool Software); the affected version is unknown. It has been classified as very critical. It affects unknown functionality of the Error Handler component. Manipulation with an unknown input leads to a privilege escalation vulnerability. The issue is classified as CWE-94. It impacts confidentiality, integrity, and availability. The summary by CVE is:

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka “ATL Uninitialized Object Vulnerability.”

The weakness was released 07/29/2009 with IBM ISS X-Force (Website). It is possible to read the advisory at us-cert.gov. This vulnerability is uniquely identified as CVE-2009-0901 since 03/14/2009. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 08/13/2021).

The vulnerability scanner Nessus provides a plugin with the ID 40421 (Shockwave Player Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116529 (Adobe Acrobat and Reader Remote Code Execution Vulnerabilities (APSA09-03 and APSB09-10)).

No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8317.

The vulnerability is also documented in the databases at SecurityFocus (BID 35832), X-Force (51042), Vulnerability Center (SBV-23743) and Tenable (40421). Entries connected to this vulnerability are available at 4049, 50451, 50449 and 50448.

VulDB Meta Base Score: 10.0
VulDB Meta Temp Score: 10.0

VulDB Base Score: 10.0
VulDB Temp Score: 10.0

Class: Privilege escalation
CWE: CWE-94
ATT&CK: Unknown

Local: No
Remote: Yes

Status: Not defined

Nessus ID: 40421
Nessus Name: Shockwave Player

OpenVAS ID: 900809
OpenVAS Name: Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)

Saint ID: exploit_info/visual_studio_atl_uninitialized_object
Saint Name: Visual Studio Active Template Library uninitialized object

Recommended: no mitigation known

03/14/2009
07/28/2009 +136 days
07/29/2009 +1 days
07/29/2009 +0 days
07/29/2009 +0 days
10/13/2009 +76 days
10/14/2009 +1 days
03/18/2015 +1981 days
08/13/2021 +2340 days

Vendor: https://www.microsoft.com/

Advisory: us-cert.gov
Organization: IBM ISS X-Force
Status: Not defined

CVE: CVE-2009-0901

SecurityFocus: 35832 – Microsoft Visual Studio ATL ‘VariantClear()’ Remote Code Execution Vulnerability
X-Force: 51042
Vulnerability Center: 23743 – [MS09-035] Microsoft Visual Studio and Visual C++ ATL Uninitialized Object Vulnerability, Critical

Created: 03/18/2015 15:15
Updated: 08/13/2021 07:24
Changes: (1) source_nessus_risk