Oval Definition:oval:org.mitre.oval:def:7573
Revision Date:2015-08-10
Version:65
Title:ATL Null String Vulnerability
Description:The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-2495
Platform(s):Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office Visio Viewer 2003
Microsoft Office Visio Viewer 2007
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook 2007
Microsoft Visio Viewer 2002
Microsoft Visual C++ 2005 Redistributable Package
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Microsoft Visual Studio 2008
Definition Synopsis
  • Outlook 2002
    • Microsoft Outlook 2002 is installed
    • AND the version of Outllib.dll is less than 10.0.6856.0
  • OR Outlook 2003
    • Microsoft Outlook 2003 is installed
    • AND the version of Outllib.dll is less than 11.0.8313.0
  • OR Outlook 2007
    • Microsoft Outlook 2007 is installed
    • AND the version of Outlook.exe is less than 12.0.6514.5000
  • OR Microsoft Visio Viewer 2002
    • Microsoft Visio Viewer 2002 is installed
  • OR Microsoft Office Visio Viewer 2003
    • Microsoft Office Visio Viewer 2003 is installed
  • OR Microsoft Office Visio Viewer 2007
    • Microsoft Office Visio Viewer 2007 is installed
    • AND the version of Vviewer.dll is less than 12.0.6513.5000
  • OR Microsoft Visual Studio .NET 2003 SP1
    • Microsoft Visual Studio .NET 2003 SP1 is installed
    • AND the version of Mfc71.dll is less than 7.10.6101.0
  • OR Microsoft Visual Studio 2005 Service Pack 1
    • Microsoft Visual Studio 2005 Service Pack 1 is installed
    • AND the version of ATL80.dll is less than 8.0.50727.4053
  • OR Microsoft Visual Studio 2008
    • Microsoft Visual Studio 2008 is installed
    • AND the version of ATL90.dll is less than 9.0.21022.218
  • OR Microsoft Visual Studio 2008 Service Pack 1
    • Microsoft Visual Studio 2008 Service Pack 1 is installed
    • AND the version of ATL90.dll is less than 9.0.30729.4148
  • OR Microsoft Visual C++ 2005 Redistributable Package
    • Microsoft Visual C++ 2005 Redistributable Package is installed
    • the version of %SystemRoot%\WinSxS\(x86|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.*\atl80.dll is less than 8.0.50727.4053
    • OR the version of %SystemRoot%\winsxs\(x86|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.*\atl80.dll is less than 8.0.50727.4053
  • OR Microsoft Visual C++ 2008 Redistributable Package
    • Microsoft Visual C++ 2008 Redistributable Package is installed
    • the version of %SystemRoot%\WinSxS\(x86|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.*\atl90.dll is less than 9.0.30729.4148
    • OR the version of %SystemRoot%\winsxs\(x86|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.*\atl90.dll is less than 9.0.30729.4148