CVE-2009-2493

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka ATL COM Initialization Vulnerability.

Risk Information

Base Score

9.8

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

42.132

Associated Vulnerability

Vulnerability	OS Platform
Security Update for Outlook Express 6.0 for Windows 2000 (KB973354)	Windows
Security Update for Windows XP (KB973354) x86 based systems	Windows
Security Update for Windows XP (KB973354) x86 based systems for SP3	Windows
Security Update for Windows Server 2003 (KB973354)	Windows
Security Update for Windows XP x64 Edition (KB973354)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973354)	Windows
Security Update for Windows Media Player 9 for Windows 2000 (KB973540)	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB973540)	Windows
Security Update for Windows XP x64 Edition (KB973540)	Windows
Security Update for Windows Media Player 11 for Windows XP X64 Edition (KB973540)	Windows
Security Update for Windows Server 2003 (KB973540)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973540)	Windows
Security Update for Windows Vista (KB973540) x86 based systems	Windows
Security Update for Windows Vista (KB973540) x86 based systems for SP1	Windows
Security Update for Windows Vista (KB973540) x86 based systems for SP2	Windows
Security Update for Windows Vista for x64-based Systems (KB973540)	Windows
Security Update for Windows Vista for x64-based Systems (KB973540) for SP1	Windows
Security Update for Windows Vista for x64-based Systems (KB973540)	Windows
Security Update for Windows Server 2008 (KB973540) x86 based systems	Windows
Security Update for Windows Server 2008 (KB973540) x86 based systems for SP2	Windows
Security Update for Windows Server 2008 x64 Edition (KB973540)	Windows
Security Update for Windows Server 2008 x64 Edition (KB973540) for SP2	Windows
Security Update for Windows 2000 (KB973507)	Windows
Security Update for Windows XP (KB973507)	Windows
Security Update for Windows XP x64 Edition (KB973507)	Windows
Security Update for Windows Vista (KB973507)	Windows
Security Update for Windows Vista for x64-based Systems (KB973507)	Windows
Security Update for Windows Server 2008 (KB973507)	Windows
Security Update for Windows Server 2008 x64 Edition (KB973507)	Windows
Security Update for Windows Server 2003 (KB973507)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973507)	Windows
Security Update for Windows 2000 (KB973869)	Windows
Security Update for Windows XP (KB973869)	Windows
Security Update for Windows Server 2003 (KB973869)	Windows
Security Update for Windows XP x64 Edition (KB973869)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973869)	Windows
Security Update for Windows XP (KB973815) x86 based systems	Windows
Security Update for Windows XP (KB973815) x86 based systems for SP3	Windows
Security Update for Windows Server 2003 (KB973815)	Windows
Security Update for Windows XP x64 Edition (KB973815)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973815)	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB973540) x86 based systems	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB97354011) x86 based systems	Windows
Cumulative Security Update for ActiveX Killbits for Windows 2000 (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows XP (KB973525) x86 based systems	Windows
Cumulative Security Update for ActiveX Killbits for Windows XP (KB973525) x86 based systems for SP3	Windows
Security Update for ActiveX Killbits for Windows Server 2003 (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows Vista (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows Server 2008 (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows 7 (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows XP x64 Edition (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows Vista for x64-based Systems (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows Server 2008 x64 Edition (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB973525)	Windows
Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB973525)	Windows
Security Update for Microsoft Outlook 2002 (KB973702)	Windows
Update for Microsoft Office Outlook 2007 (KB972363)	Windows
Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB976325)	Windows
Update for Internet Explorer 6 SP1 (KB976325)	Windows
Cumulative Security Update for Internet Explorer for Windows XP (KB976325)	Windows
Cumulative Security Update for Internet Explorer for Windows XP (KB976325)	Windows
Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 for Windows XP (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB976325) x86 based systems	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB976325) x86 based systems for SP1	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB976325) x86 based systems	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB976325) for SP1	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB976325) for SP2	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB976325) for SP2	Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB975364) x86 based systems	Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB975364) x86 based systems for SP3	Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB976325)	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB976325) x86 based systems	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB976325) x86 based systems for SP1	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB976325) x86 based systems for SP2	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB976325) x86 based systems	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB976325) x86 based systems for SP2	Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB976325)	Windows
Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB976325)	Windows
http://www.microsoft.com/downloads/details.aspx?familyid=1e466b48-422f-4c80-8fdf-ba61111942b1&displaylang=en	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB976325) for SP2	Windows
Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB976325)	Windows
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB976325)	Windows
Visual Studio 2005 Service Pack 1 ATL Security Update(KB971090)	Windows
Visual Studio 2005 Service Pack 1 ATL for Smart Devices Security Update(KB973673)	Windows
Visual Studio 2008 ATL Security Update(KB971091)	Windows
Visual Studio 2008 Service Pack 1 ATL Security Update(KB971092)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-7321	Security Update for Windows Vista (KB973540)
PATCH-7324	Security Update for Windows Vista for x64-based Systems (KB973540)
PATCH-7325	Security Update for Windows Server 2008 (KB973540)
PATCH-7326	Security Update for Windows Server 2008 (KB973540)
PATCH-7327	Security Update for Windows Server 2008 x64 Edition (KB973540)
PATCH-7328	Security Update for Windows Server 2008 x64 Edition (KB973540)
PATCH-7334	Security Update for Windows Server 2008 (KB973507)
PATCH-7335	Security Update for Windows Server 2008 x64 Edition (KB973507)
PATCH-7665	Cumulative Security Update for ActiveX Killbits for Windows XP (KB973525)
PATCH-7666	Security Update for ActiveX Killbits for Windows Server 2003 (KB973525)
PATCH-7670	Cumulative Security Update for ActiveX Killbits for Windows Server 2008 (KB973525)
PATCH-7674	Cumulative Security Update for ActiveX Killbits for Windows XP x64 Edition (KB973525)
PATCH-7675	Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB973525)
PATCH-7676	Cumulative Security Update for ActiveX Killbits for Windows Vista for x64-based Systems (KB973525)
PATCH-7677	Cumulative Security Update for ActiveX Killbits for Windows Server 2008 x64 Edition (KB973525)
PATCH-7754	Update for Microsoft Office Outlook 2007 (KB972363)
PATCH-7949	Cumulative Security Update for Internet Explorer for Windows XP (KB976325)
PATCH-7950	Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB976325)
PATCH-7955	Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB976325)
PATCH-7957	Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB976325)
PATCH-7959	Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB976325)
PATCH-7961	Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB976325)
PATCH-7965	Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB976325)
PATCH-7966	Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB976325)
PATCH-7967	Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB976325)
PATCH-7968	Cumulative Security Update for Internet Explorer 8 for Windows XP (KB976325)
PATCH-7969	Cumulative Security Update for Internet Explorer 8 for Windows XP (KB976325)
PATCH-7970	Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB976325)
PATCH-7972	Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB976325)
PATCH-7973	Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB976325)
PATCH-7974	Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB976325)
PATCH-7975	Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB976325)
PATCH-7976	Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB976325)
PATCH-7977	Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB976325)
PATCH-7978	Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB976325)
PATCH-7980	Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB976325)
PATCH-7981	http://www.microsoft.com/downloads/details.aspx?familyid=1e466b48-422f-4c80-8fdf-ba61111942b1&displaylang=en
PATCH-7982	Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB976325)
PATCH-7983	Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB976325)
PATCH-7984	Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB976325)
PATCH-7985	Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB976325)
PATCH-9461	Visual Studio 2005 Service Pack 1 ATL Security Update(KB971090)
PATCH-9462	Visual Studio 2005 Service Pack 1 ATL for Smart Devices Security Update(KB973673)
PATCH-9463	Visual Studio 2008 ATL Security Update(KB971091)
PATCH-9464	Visual Studio 2008 Service Pack 1 ATL Security Update(KB971092)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234