QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-0901

Back to search

CVE-2009-0901

Published: Jul 29, 2009

Modified: May 27, 2026

PUBLISHED

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

266108
vendor-advisory
x_refsource_SUNALERT
35832
vdb-entry
x_refsource_BID
ADV-2009-2034
vdb-entry
x_refsource_VUPEN
TA09-223A
third-party-advisory
x_refsource_CERT
TA09-286A
third-party-advisory
x_refsource_CERT
MS09-035
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:7581
vdb-entry
signature
x_refsource_OVAL
oval:org.mitre.oval:def:6289
vdb-entry
signature
x_refsource_OVAL
SSRT100013
vendor-advisory
x_refsource_HP
HPSBMA02488
vendor-advisory
x_refsource_HP
36187
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:6311
vdb-entry
signature
x_refsource_OVAL
ADV-2009-2232
vdb-entry
x_refsource_VUPEN
36374
third-party-advisory
x_refsource_SECUNIA
MS09-037
vendor-advisory
x_refsource_MS
36746
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:6373
vdb-entry
signature
x_refsource_OVAL
35967
third-party-advisory
x_refsource_SECUNIA
TA09-195A
third-party-advisory
x_refsource_CERT
MS09-060
vendor-advisory
x_refsource_MS

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now