• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Active Template Library 'IPersistStreamInit' Remote Code Execution Vulnerability

The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This BID was previously titled "Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability". It has been updated to better document the issue.