CVE-2009-2494

Description

The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka ATL Object Type Mismatch Vulnerability.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

60.593

Associated Vulnerability

Vulnerability	OS Platform
Security Update for Outlook Express 6.0 for Windows 2000 (KB973354)	Windows
Security Update for Windows XP (KB973354) x86 based systems	Windows
Security Update for Windows XP (KB973354) x86 based systems for SP3	Windows
Security Update for Windows Server 2003 (KB973354)	Windows
Security Update for Windows XP x64 Edition (KB973354)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973354)	Windows
Security Update for Windows Media Player 9 for Windows 2000 (KB973540)	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB973540)	Windows
Security Update for Windows XP x64 Edition (KB973540)	Windows
Security Update for Windows Media Player 11 for Windows XP X64 Edition (KB973540)	Windows
Security Update for Windows Server 2003 (KB973540)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973540)	Windows
Security Update for Windows Vista (KB973540) x86 based systems	Windows
Security Update for Windows Vista (KB973540) x86 based systems for SP1	Windows
Security Update for Windows Vista (KB973540) x86 based systems for SP2	Windows
Security Update for Windows Vista for x64-based Systems (KB973540)	Windows
Security Update for Windows Vista for x64-based Systems (KB973540) for SP1	Windows
Security Update for Windows Vista for x64-based Systems (KB973540)	Windows
Security Update for Windows Server 2008 (KB973540) x86 based systems	Windows
Security Update for Windows Server 2008 (KB973540) x86 based systems for SP2	Windows
Security Update for Windows Server 2008 x64 Edition (KB973540)	Windows
Security Update for Windows Server 2008 x64 Edition (KB973540) for SP2	Windows
Security Update for Windows 2000 (KB973507)	Windows
Security Update for Windows XP (KB973507)	Windows
Security Update for Windows XP x64 Edition (KB973507)	Windows
Security Update for Windows Vista (KB973507)	Windows
Security Update for Windows Vista for x64-based Systems (KB973507)	Windows
Security Update for Windows Server 2008 (KB973507)	Windows
Security Update for Windows Server 2008 x64 Edition (KB973507)	Windows
Security Update for Windows Server 2003 (KB973507)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973507)	Windows
Security Update for Windows 2000 (KB973869)	Windows
Security Update for Windows XP (KB973869)	Windows
Security Update for Windows Server 2003 (KB973869)	Windows
Security Update for Windows XP x64 Edition (KB973869)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973869)	Windows
Security Update for Windows XP (KB973815) x86 based systems	Windows
Security Update for Windows XP (KB973815) x86 based systems for SP3	Windows
Security Update for Windows Server 2003 (KB973815)	Windows
Security Update for Windows XP x64 Edition (KB973815)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973815)	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB973540) x86 based systems	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB97354011) x86 based systems	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-7321	Security Update for Windows Vista (KB973540)
PATCH-7324	Security Update for Windows Vista for x64-based Systems (KB973540)
PATCH-7325	Security Update for Windows Server 2008 (KB973540)
PATCH-7326	Security Update for Windows Server 2008 (KB973540)
PATCH-7327	Security Update for Windows Server 2008 x64 Edition (KB973540)
PATCH-7328	Security Update for Windows Server 2008 x64 Edition (KB973540)
PATCH-7334	Security Update for Windows Server 2008 (KB973507)
PATCH-7335	Security Update for Windows Server 2008 x64 Edition (KB973507)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234