---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Microsoft Visual Studio Active Template Library Three Vulnerabilities SECUNIA ADVISORY ID: SA35967 VERIFY ADVISORY: http://secunia.com/advisories/35967/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Visual Studio, which can be exploited by malicious people to potentially bypass security features, gain knowledge of sensitive information, or compromise applications built using ATL (Active Template Library). 1) An error in the ATL headers when handling persisted streams can be exploited to cause VariantClear() to be called on a VARIANT that has not been correctly initialised. This can e.g. be exploited to corrupt memory via a web page passing a specially crafted stream to a vulnerable control. Successful exploitation may allow execution of arbitrary code. 2) An error in the ATL headers when handling object instantiation from data streams may allow bypassing of security policies such as kill-bits in Internet Explorer if a control or component uses OleLoadFromStream() in an unsafe manner. 3) An error in ATL may result in a string being read without terminating NULL bytes, which can be exploited to disclose memory contents beyond the end of the string. SOLUTION: Apply patches. Microsoft Visual Studio .NET 2003 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=63ce454e-f69c-44e3-89fb-eb23c2e2154e Microsoft Visual Studio 2005 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=7c8729dc-06a2-4538-a90d-ff9464dc0197 Microsoft Visual Studio 2005 SP1 64-bit Hosted Visual C++ Tools: http://www.microsoft.com/downloads/details.aspx?FamilyID=43f96f2a-69c6-4c5e-b72c-0edfa35f4fc2 Microsoft Visual Studio 2008: http://www.microsoft.com/downloads/details.aspx?familyid=8f9da646-94dd-469d-baea-a4306270462c Microsoft Visual Studio 2008 SP1: http://www.microsoft.com/downloads/details.aspx?familyid=294de390-3c94-49fb-a014-9a38580e64cb Microsoft Visual C++ 2005 SP1 Redistributable Package: http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2 Microsoft Visual C++ 2008 Redistributable Package: http://www.microsoft.com/downloads/details.aspx?familyid=8b29655e-9da4-4b6b-9ac5-687ca0770f93 Microsoft Visual C++ 2008 SP1 Redistributable Package: http://www.microsoft.com/downloads/details.aspx?familyid=2051a0c1-c9b5-4b0a-a8f5-770a549fd78c NOTE: It is also necessary for developers to rebuild any components and controls created using a vulnerable version of the ATL library. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits David Dewey, IBM ISS X-Force. 2-3) The vendor credit Ryan Smith, iDefense Labs. ORIGINAL ADVISORY: MS09-035 (KB969706, KB971089, KB971090, KB971091, KB971092, KB973544, KB973551, KB973552, KB973830): http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx OTHER REFERENCES: Microsoft Security Advisory (973882): http://www.microsoft.com/technet/security/advisory/973882.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------