Published: 2009-07-31T22:03+00:00
Last Updated: 2009-08-23T23:08+00:00
JVNTR-2009-19
Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities (TA09-209A)
Overview
Microsoft has released out-of-band updates to address critical vulnerabilities in Microsoft Internet Explorer running on most supported versions of Windows. The updates also help mitigate attacks against ActiveX controls developed with vulnerable versions of the Microsoft Active Template Library (ATL).
Event Information
| Date (UTC) | Description |
| 2009-07-30 20:47 |
US-CERT Adobe Releases Shockwave Player Update and Flash Player Security Advisory US-CERT Current Activity Additionally, Adobe has released Flash Player 10.0.22.87 and 9.0.246.0 to address the ATL issue and additional vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. |
| 2009-07-30 13:34 |
Adobe APSB09-10: Security Updates available for Adobe Flash Player Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2. |
| 2009-07-29 14:12 |
US-CERT Adobe Releases Shockwave Player Update and Flash Player Security Advisory US-CERT Current Activity Adobe has released Shockware Player 11.5.1.601 because previous versions used a vulnerable version of the Microsoft Active Template Library (ATL). Additionally, Adobe has released a security advisory to address the same issue in Flash Player. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. |
| 2009-07-29 04:44 |
JPCERT/CC JPCERT-AT-2009-0014: Vulnerabilities in Microsoft ATL affect Multiple Products |
| 2009-07-28 22:58 |
SANS Internet Storm Center MS released two OOB bulletins and an advisory (Version: 2) Microsoft has released two Out of Band (OOB) bulletins and one advisory. |
| 2009-07-28 22:40 |
Microsoft ms09-jul: Microsoft Security Bulletin Summary for July 2009 (out-of-band) For the out-of-band security bulletins added to Version 2.0 of this bulletin summary, MS09-034 and MS09-035. |
| 2009-07-28 21:56 |
US-CERT TA09-209A: Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities Via US-CERT Mailing List |
| 2009-07-28 21:29 |
Microsoft Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution Advisory published. |
| 2009-07-28 18:00 |
Cisco Systems cisco-sa-20090728-activex: Active Template Library (ATL) Vulnerability Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site. |
| 2009-07-28 17:18 |
US-CERT Microsoft Releases Two Out-of-Band Security Bulletins and a Security Advisory US-CERT Current Activity Microsoft has released two out-of-band security bulletins. The first bulletin, MS09-034, is a cumulative security update for Internet Explorer that addresses several vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code. The second bulletin, MS09-035, addresses vulnerabilities in the Visual Studio Active Template Library (ATL). Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. |
| 2009-07-28 17:15 |
Symantec ThreatCON (2) => (2) Microsoft has released two out-of-band security bulletins, MS09-034 and MS09-035, that address vulnerabilities in the Visual Studio Active Template Library (ATL) and Internet Explorer. Users should apply patches immediately. |
| 2009-07-28 10:10 |
Adobe APSA09-04: Security advisory for Adobe Flash Player Adobe Flash Player 9.0.159.0 and 10.0.22.87, and earlier 9.x and 10.x versions installed on Windows operating systems for use with Internet Explorer leverage a vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882). |
| 2009-07-28 10:10 |
Adobe APSB09-11: Security Update available for Shockwave Player Adobe Shockwave Player 11.5.0.600 and earlier versions on Windows leverages a vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882). |
| 2009-07-24 23:45 |
Microsoft ms09-jul: Microsoft Security Bulletin Advance Notification for July 2009 (out-of-band) This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release. |
| 2009-07-24 23:33 |
SANS Internet Storm Center Microsoft Out of Band Patch Several readers have pointed out that Microsoft has provided notification of an Out-of-Band patch to be released this coming Tuesday, July 28th. |
| 2009-05-06 |
iDefense Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability Memory Corruption Vulnerability (CVE-2009-1917, MS09-034) Vulnerability Reported The vulnerability occurs when the 'ondatasetcomplete' event method of a timeChildren object is referenced. If this occurs when the object is in an inconsistent state, a heap chunk will be freed, and then reused after being freed. This results in an uninitialized VTABLE being used, which can result in the execution of arbitrary code when the pointer is dereferenced. |
| 2009-04-28 |
Zero Day Initiative (ZDI) ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability Uninitialized Memory Corruption Vulnerability (CVE-2009-1919, MS09-034) Vulnerability Reported The specific flaw exists when accessing embedded style sheets within an HTML file. When modifying the properties of rules defined in the style the behavior element is improperly processed resulting in a memory corruption which can be further leveraged to execute arbitrary code under the context of the current user. |
| 2009-04-28 |
Zero Day Initiative (ZDI) ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability HTML Objects Memory Corruption Vulnerability (CVE-2009-1918, MS09-034) Vulnerability Reported The specific flaw exists in the appending of elements to an invalid object. When appending malformed elements to a empty DIV element memory corruption can occur. A properly constructed web page can result in remote code execution under the context of the current user. |
| 2008-12-05 |
iDefense Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability ATL COM Initialization Vulnerability (CVE-2009-2493, MS09-035, MS09-037) Vulnerability Reported Exploitation of this vulnerability allows an attacker to bypass security checks (such as kill-bits in Internet Explorer). Successful exploitation would require the attacker to convince his or her victim into visiting a specially crafted Web page leveraging the vulnerability. While there is no way to forcibly make a victim visit a website, exploitation may occur through normal Web browsing. |
| 2008-12-05 |
iDefense Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability ATL Null String Vulnerability (CVE-2009-2495, MS09-035) Vulnerability Reported Depending upon certain characteristics of an OLE component designed with the Microsoft ATL, it is possible to read arbitrary memory inside the Internet Explorer process. By loading a vulnerable ActiveX control and passing in specially crafted persistent storage data, an attacker can cause a string to be read in without being properly NULL terminated. After the object is initialized the attacker may read the data using Java Script. Since the string functions rely on NULL termination to keep track of the end of the string, the attacker may read into the next chunk of memory continuing until two NULL bytes are encountered. |