CVE-2009-0901
Description
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka ATL Uninitialized Object Vulnerability.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
65.351
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Outlook Express 6.0 for Windows 2000 (KB973354) | Windows |
| Security Update for Windows XP (KB973354) x86 based systems | Windows |
| Security Update for Windows XP (KB973354) x86 based systems for SP3 | Windows |
| Security Update for Windows Server 2003 (KB973354) | Windows |
| Security Update for Windows XP x64 Edition (KB973354) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB973354) | Windows |
| Security Update for Windows Media Player 9 for Windows 2000 (KB973540) | Windows |
| Security Update for Windows XP Service Pack 2 (KB973540) | Windows |
| Security Update for Windows XP Service Pack 3 (KB973540) | Windows |
| Security Update for Windows XP x64 Edition (KB973540) | Windows |
| Security Update for Windows Media Player 11 for Windows XP X64 Edition (KB973540) | Windows |
| Security Update for Windows Server 2003 (KB973540) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB973540) | Windows |
| Security Update for Windows Vista (KB973540) x86 based systems | Windows |
| Security Update for Windows Vista (KB973540) x86 based systems for SP1 | Windows |
| Security Update for Windows Vista (KB973540) x86 based systems for SP2 | Windows |
| Security Update for Windows Vista for x64-based Systems (KB973540) | Windows |
| Security Update for Windows Vista for x64-based Systems (KB973540) for SP1 | Windows |
| Security Update for Windows Vista for x64-based Systems (KB973540) | Windows |
| Security Update for Windows Server 2008 (KB973540) x86 based systems | Windows |
| Security Update for Windows Server 2008 (KB973540) x86 based systems for SP2 | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB973540) | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB973540) for SP2 | Windows |
| Security Update for Windows 2000 (KB973507) | Windows |
| Security Update for Windows XP (KB973507) | Windows |
| Security Update for Windows XP x64 Edition (KB973507) | Windows |
| Security Update for Windows Vista (KB973507) | Windows |
| Security Update for Windows Vista for x64-based Systems (KB973507) | Windows |
| Security Update for Windows Server 2008 (KB973507) | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB973507) | Windows |
| Security Update for Windows Server 2003 (KB973507) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB973507) | Windows |
| Security Update for Windows 2000 (KB973869) | Windows |
| Security Update for Windows XP (KB973869) | Windows |
| Security Update for Windows Server 2003 (KB973869) | Windows |
| Security Update for Windows XP x64 Edition (KB973869) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB973869) | Windows |
| Security Update for Windows XP (KB973815) x86 based systems | Windows |
| Security Update for Windows XP (KB973815) x86 based systems for SP3 | Windows |
| Security Update for Windows Server 2003 (KB973815) | Windows |
| Security Update for Windows XP x64 Edition (KB973815) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB973815) | Windows |
| Security Update for Windows XP Service Pack 2 (KB973540) | Windows |
| Security Update for Windows XP Service Pack 3 (KB973540) x86 based systems | Windows |
| Security Update for Windows XP Service Pack 2 (KB973540) | Windows |
| Security Update for Windows XP Service Pack 3 (KB97354011) x86 based systems | Windows |
| Security Update for Microsoft Outlook 2002 (KB973702) | Windows |
| Update for Microsoft Office Outlook 2007 (KB972363) | Windows |
| Visual Studio 2005 Service Pack 1 ATL Security Update (KB971090) | Windows |
| Visual Studio 2005 Service Pack 1 ATL for Smart Devices Security Update (KB973673) | Windows |
| Visual Studio 2008 ATL Security Update (KB971091) | Windows |
| Visual Studio 2008 Service Pack 1 ATL Security Update (KB971092) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-7321 | Security Update for Windows Vista (KB973540) |
| PATCH-7324 | Security Update for Windows Vista for x64-based Systems (KB973540) |
| PATCH-7325 | Security Update for Windows Server 2008 (KB973540) |
| PATCH-7326 | Security Update for Windows Server 2008 (KB973540) |
| PATCH-7327 | Security Update for Windows Server 2008 x64 Edition (KB973540) |
| PATCH-7328 | Security Update for Windows Server 2008 x64 Edition (KB973540) |
| PATCH-7334 | Security Update for Windows Server 2008 (KB973507) |
| PATCH-7335 | Security Update for Windows Server 2008 x64 Edition (KB973507) |
| PATCH-7754 | Update for Microsoft Office Outlook 2007 (KB972363) |
| PATCH-9461 | Visual Studio 2005 Service Pack 1 ATL Security Update (KB971090) |
| PATCH-9462 | Visual Studio 2005 Service Pack 1 ATL for Smart Devices Security Update (KB973673) |
| PATCH-9463 | Visual Studio 2008 ATL Security Update (KB971091) |
| PATCH-9464 | Visual Studio 2008 Service Pack 1 ATL Security Update (KB971092) |