CVE-2009-2495

Published Jul 29, 2009

Last updated 6 years ago

CVSS info 7.8

Overview

Description: The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA86F8B2-0211-4FF6-BE07-2E2EC06DFC37"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:redistribution_pkg:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BA98FBB-255F-4AC9-B035-54C60EEE022B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B20EDFCC-8C10-4EBF-BCC6-1A17362E6676"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\\+\\+_tools:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E35016A-D55F-4607-8716-77AACB7B166C"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References