Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

References:

ATL vulnerability developer deep dive (Microsoft)
ATL, MS09-035 and the SDL (Microsoft)
Attacking Interoperability (Mark Dowd, Ryan Smith, and David Dewey)
Internet Explorer Mitigations for ATL Data Stream Vulnerabilities (Microsoft)
Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS (Microsoft)
Microsoft Visual Studio Homepage (Microsoft)
MS09-037: Why we are using CVE's already used in MS09-035 (Chengyun Chu)
MSVIDCTL (MS09-032) and the ATL vulnerability (Microsoft)
Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability (iDefense)
Nortel Enterprise Response to Microsoft Security Bulletin MS09-072 (Nortel Networks)
Nortel Response to Microsoft Security Bulletin MS09-037 (Nortel Networks)
Overview of the out-of-band release (Microsoft)
Upgrade your Windows Live Messenger Service (Microsoft)
HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote (security-alert@hp.com)
Nortel Enterprise Response to Microsoft Security Bulletin MS09-055 (Nortel)
2009009911, Rev 2 Nortel Enterprise Response to Security Bulletin MS09-072 (Nortel Networks)
Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Templa (Microsoft)
Microsoft Security Bulletin MS09-034 (Microsoft)
Microsoft Security Bulletin MS09-035 (Microsoft)
Microsoft Security Bulletin MS09-037 (Microsoft)
Microsoft Security Bulletin MS09-055 (Microsoft)
Microsoft Security Bulletin MS09-060 (Microsoft)
Microsoft Security Bulletin MS09-072 (Microsoft)

Privacy Statement
Copyright 2010, SecurityFocus