Back to search
CVE-2009-2495
Published: Jul 29, 2009
Modified: May 27, 2026
PUBLISHED
Description
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
266108
vendor-advisory
x_refsource_SUNALERT
ADV-2009-2034
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:7573
vdb-entry
signature
x_refsource_OVAL
http://www.adobe.com/support/security/bulletins/apsb09-13.html
x_refsource_CONFIRM
http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
x_refsource_CONFIRM
oval:org.mitre.oval:def:6478
vdb-entry
signature
x_refsource_OVAL
TA09-286A
third-party-advisory
x_refsource_CERT
MS09-035
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:6305
vdb-entry
signature
x_refsource_OVAL
SSRT100013
vendor-advisory
x_refsource_HP
HPSBMA02488
vendor-advisory
x_refsource_HP
http://www.adobe.com/support/security/bulletins/apsb09-10.html
x_refsource_CONFIRM
36374
third-party-advisory
x_refsource_SECUNIA
36746
third-party-advisory
x_refsource_SECUNIA
35967
third-party-advisory
x_refsource_SECUNIA
TA09-195A
third-party-advisory
x_refsource_CERT
MS09-060
vendor-advisory
x_refsource_MS
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now