Bugraq ID: 35828 CVE ID:CVE-2009-2493 Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。 Microsoft活动模版库(ATL)处理数据流对象实例化时ATL头存在错误,远程攻击者可以利用漏洞绕过IE等Kill-bits安全策略,并导致任意代码执行。 此漏洞只影响安装了使用Visual Studio ATL的组件和控件的系统。如果组件或控件使用ATL,不安全使用OleLoadFromStream允许任意对象实例化,可绕过相关的安全策略,如 Internet Explorer的Kill bits位。远程攻击者可以构建恶意WEB页,诱使用户打开来执行任意代码。 Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 0 Microsoft Visual Studio 2005 Team Edition for Testers 0 Microsoft Visual Studio 2005 Team Edition for Developers 0 Microsoft Visual Studio 2005 Team Edition for Architects 0 Microsoft Visual Studio 2005 Team Edition 0 Microsoft Visual Studio 2005 Standard Edition 0 Microsoft Visual Studio 2005 Professional Edition 0 Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1 Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio .NET 2003 + Microsoft Visual Basic .NET Standard 2003 + Microsoft Visual C# .NET Standard 2003 + Microsoft Visual C++ .NET Standard 2003 + Microsoft Visual J# .NET Standard...
Bugraq ID: 35828 CVE ID:CVE-2009-2493 Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。 Microsoft活动模版库(ATL)处理数据流对象实例化时ATL头存在错误,远程攻击者可以利用漏洞绕过IE等Kill-bits安全策略,并导致任意代码执行。 此漏洞只影响安装了使用Visual Studio ATL的组件和控件的系统。如果组件或控件使用ATL,不安全使用OleLoadFromStream允许任意对象实例化,可绕过相关的安全策略,如 Internet Explorer的Kill bits位。远程攻击者可以构建恶意WEB页,诱使用户打开来执行任意代码。 Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 0 Microsoft Visual Studio 2005 Team Edition for Testers 0 Microsoft Visual Studio 2005 Team Edition for Developers 0 Microsoft Visual Studio 2005 Team Edition for Architects 0 Microsoft Visual Studio 2005 Team Edition 0 Microsoft Visual Studio 2005 Standard Edition 0 Microsoft Visual Studio 2005 Professional Edition 0 Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1 Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio .NET 2003 + Microsoft Visual Basic .NET Standard 2003 + Microsoft Visual C# .NET Standard 2003 + Microsoft Visual C++ .NET Standard 2003 + Microsoft Visual J# .NET Standard 2003 Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual C++ 2008 Redistributable Package SP1 Microsoft Visual C++ 2008 Redistributable Package 0 Microsoft Visual C++ 2008 SP1 Microsoft Visual C++ 2008 0 Microsoft Visual C++ 2005 Redistributable Package SP1 Microsoft Visual C++ 2005 Redistributable Package SP1 Microsoft Visual C++ 2005 Redistributable Package 0 Microsoft Visual C++ 2005 SP1 用户可参考如下安全补丁: Microsoft Visual C++ 2005 SP1 Microsoft Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73 -40ff-b072-9112bab119c2 Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?FamilyID=63ce454e-f69c -44e3-89fb-eb23c2e2154e Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio 2005 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?FamilyID=7c8729dc-06a2 -4538-a90d-ff9464dc0197 Microsoft Visual C++ 2008 SP1 Microsoft Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5 -4b0a-a8f5-770a549fd78c Microsoft Visual Studio 2008 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94 -49fb-a014-9a38580e64cb Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1 Microsoft Visual Studio 64-bit Hosted Visual C++ Tools 2005 Service Pack 1 ATL Security Update http://www.microsoft.com/downloads/details.aspx?FamilyID=43f96f2a-69c6 -4c5e-b72c-0edfa35f4fc2 Microsoft Visual C++ 2008 0 Microsoft Microsoft Visual C++ 2008 Redistributable Package ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4 -4b6b-9ac5-687ca0770f93 Microsoft Visual Studio 2008 ATL Security Update http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd -469d-baea-a4306270462c
