CVE-2009-0901 | Microsoft Visual Studio Error Handler code injection (BID-35832 / XFDB-51042)
A vulnerability was found in Microsoft Visual Studio (Programming Tool Software); the affected versions are those listed in the CVE summary below. It has been classified as very critical. It affects the error-handling path of the Active Template Library (ATL) headers: a malformed persisted stream fed to an ATL component or control causes VariantClear to be called on a VARIANT that was never initialized, which allows remote code execution (VulDB classes the impact as privilege escalation). CWE classifies the issue as CWE-94. It impacts confidentiality, integrity, and availability. The summary by CVE is:
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka “ATL Uninitialized Object Vulnerability.”
The weakness was published 07/29/2009 by IBM ISS X-Force (website). The advisory can be read at us-cert.gov. The vulnerability has been uniquely identified as CVE-2009-0901 since 03/14/2009. The attack can be initiated remotely and needs no authentication. No technical details are recorded here and no public exploit is known, although SAINT lists an exploit module for it (see below). The price of an exploit is estimated at around USD $5k-$25k (estimate calculated on 08/13/2021).
The vulnerability scanner Nessus provides a plugin with the ID 40421 (Shockwave Player Windows). The commercial vulnerability scanner Qualys can test this issue with plugin 116529 (Adobe Acrobat and Reader Remote Code Execution Vulnerabilities (APSA09-03 and APSB09-10)). Note that both plugins target third-party products rather than Visual Studio itself: because the flaw lives in the ATL headers, every component or control compiled against the vulnerable ATL inherits it, so the binary to look for on a host is the one shipped by the ISV, not the compiler.
Microsoft addressed the issue in the Visual Studio and Visual C++ ATL update MS09-035 (referenced by the Vulnerability Center entry below). Because the fix is in the headers, it only takes effect for components and controls that are rebuilt with the updated ATL and redistributed; binaries already shipped remain vulnerable until their vendor does so. Attacks of this kind can also be detected and blocked with TippingPoint filter 8317.
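The CVE summary above says the ATL error path calls VariantClear on a VARIANT the stream loader never initialized. The following C program is an added example, not ATL's or Microsoft's code, that models that pattern beside its fix: the VARIANT subset, the stream format (little-endian vt, then a 4-byte length and the bytes), the logging "heap" and all the `toy_` names are assumptions, and the 0x41414141 stale pointer is a constructed stand-in for whatever an uninitialized stack slot would hold, used so the run is deterministic instead of relying on real undefined behaviour. The vulnerable loader stores the stream's vt before the payload has been read and clears on the error path, so a truncated stream makes the clear hand a pointer the attacker never supplied, but the vt makes it trust, to the string allocator; the hardened loader initializes first, parses into a local and commits only on success.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added model, not ATL's code: VARIANT subset, stream format and logging "heap" are assumptions. */
enum { VT_EMPTY = 0, VT_BSTR = 8 };                         /* values as in OLE's VARENUM */
typedef struct { uint16_t vt; union { int32_t lVal; char *bstrVal; } u; } toy_variant;

/* Tiny heap that remembers its allocations, so freeing a pointer it never handed out
 * is logged in g_bad_free instead of corrupting the allocator (a real heap would crash). */
#define MAX_LIVE 16
static char       *g_live[MAX_LIVE];
static const void *g_bad_free;
static char *toy_sys_alloc_string(uint32_t n)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (!g_live[i]) return g_live[i] = calloc((size_t)n + 1, 1);
    return NULL;
}
static void toy_sys_free_string(char *s)
{
    if (!s) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (g_live[i] == s) { g_live[i] = NULL; free(s); return; }
    g_bad_free = s;
}
/* Model of VariantClear: releases whatever the vt field claims the union holds. */
static void toy_variant_clear(toy_variant *v)
{
    if (v->vt == VT_BSTR) toy_sys_free_string(v->u.bstrVal);
    v->vt = VT_EMPTY;
    v->u.bstrVal = NULL;
}
/* Reads an n-byte little-endian integer from a bounded stream; returns 0 when truncated. */
static int read_le(const uint8_t *b, size_t len, size_t *pos, size_t n, uint32_t *out)
{
    if (len - *pos < n) return 0;
    *out = 0;
    for (size_t i = 0; i < n; i++) *out |= (uint32_t)b[*pos + i] << (8 * i);
    *pos += n;
    return 1;
}

/* VULNERABLE shape: the caller's VARIANT is never initialised, the stream's vt is
 * stored before its payload has been read, and the error path clears it anyway. */
static int load_variant_vulnerable(toy_variant *v, const uint8_t *b, size_t len)
{
    size_t pos = 0;
    uint32_t vt, n;
    if (!read_le(b, len, &pos, 2, &vt)) return -1;
    v->vt = (uint16_t)vt;                        /* trusts the stream before any payload exists */
    if (vt != VT_BSTR) goto fail;                /* the model only persists BSTRs */
    if (!read_le(b, len, &pos, 4, &n) || len - pos < n) goto fail;
    if (!(v->u.bstrVal = toy_sys_alloc_string(n))) goto fail;
    memcpy(v->u.bstrVal, b + pos, n);
    return 0;
fail:
    toy_variant_clear(v);                        /* vt says VT_BSTR, u.bstrVal is stack leftovers */
    return -1;
}

/* HARDENED shape: initialise first (what VariantInit does), parse into a local and
 * commit only on success, so a failed load leaves VT_EMPTY and clearing it is a no-op. */
static int load_variant_hardened(toy_variant *v, const uint8_t *b, size_t len)
{
    toy_variant tmp = { VT_EMPTY, { 0 } };
    size_t pos = 0;
    uint32_t vt, n;
    v->vt = VT_EMPTY;
    v->u.bstrVal = NULL;
    if (!read_le(b, len, &pos, 2, &vt) || vt != VT_BSTR) return -1;
    if (!read_le(b, len, &pos, 4, &n) || len - pos < n) return -1;
    if (!(tmp.u.bstrVal = toy_sys_alloc_string(n))) return -1;
    memcpy(tmp.u.bstrVal, b + pos, n);
    tmp.vt = VT_BSTR;
    *v = tmp;
    return 0;
}

/* Runs a loader on a VARIANT pre-filled with a constructed stale pointer standing in for
 * uninitialised stack contents (deterministic instead of real undefined behaviour). */
static int run_loader(int (*loader)(toy_variant *, const uint8_t *, size_t),
                      const uint8_t *stream, size_t len, toy_variant *out)
{
    g_bad_free = NULL;
    out->vt = 0x4141;
    out->u.bstrVal = (char *)(uintptr_t)0x41414141;
    return loader(out, stream, len);
}
/* Constructed streams: vt=VT_BSTR with its length cut off, and a valid 3-byte BSTR. */
static const uint8_t k_malformed[] = { 0x08, 0x00 };
static const uint8_t k_good[] = { 0x08, 0x00, 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };

int main(void)
{
    toy_variant v;
    int rc = run_loader(load_variant_vulnerable, k_malformed, sizeof k_malformed, &v);
    printf("vulnerable: rc=%d, bogus free of %p\n", rc, g_bad_free);
    rc = run_loader(load_variant_hardened, k_malformed, sizeof k_malformed, &v);
    printf("hardened:   rc=%d, bogus free of %p\n", rc, g_bad_free);
    return 0;
}
```

Build with `cc -Wall -o atl_model atl_model.c` and run it: the vulnerable loader reports a free of 0x41414141 on the two-byte stream, the hardened one reports none. Real ATL uses VariantInit/VariantClear from oleaut32 and an IStream rather than a byte buffer; the model keeps only the ordering mistake, which is the part a code review of any stream-loading component should look for: state that tells a cleanup routine what to free must never be set before the thing it describes exists.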
The vulnerability is also documented in the databases at SecurityFocus (BID 35832), X-Force (51042), Vulnerability Center (SBV-23743) and Tenable (40421). Related VulDB entries are 4049, 50451, 50449 and 50448.
VulDB Meta Base Score: 10.0
VulDB Meta Temp Score: 10.0
Class: Privilege escalation
Status: Not defined
Saint ID: exploit_info/visual_studio_atl_uninitialized_object
Saint Name: Visual Studio Active Template Library uninitialized object
Timeline (event labels are not shown on the page; known events from this entry are the CVE assignment on 03/14/2009, the X-Force publication on 07/29/2009 and the VulDB update on 08/13/2021; intervals are relative to the previous date, the first to the CVE assignment):
07/28/2009 (+136 days)
07/29/2009 (+1 day)
07/29/2009 (+0 days)
07/29/2009 (+0 days)
10/13/2009 (+76 days)
10/14/2009 (+1 day)
03/18/2015 (+1981 days)
08/13/2021 (+2340 days)
Vendor: https://www.microsoft.com/
SecurityFocus: 35832 – Microsoft Visual Studio ATL ‘VariantClear()’ Remote Code Execution Vulnerability
Vulnerability Center: 23743 – [MS09-035] Microsoft Visual Studio and Visual C++ ATL Uninitialized Object Vulnerability, Critical