Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

References:

ATL vulnerability developer deep dive (Microsoft)
ATL, MS09-035 and the SDL (Microsoft)
Attacking Interoperability (Mark Dowd, Ryan Smith, and David Dewey)
Internet Explorer Mitigations for ATL Data Stream Vulnerabilities (Microsoft)
Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS (Microsoft)
Microsoft Visual Studio Homepage (Microsoft)
MS09-037: Why we are using CVE's already used in MS09-035 (Chengyun Chu)
MSVIDCTL (MS09-032) and the ATL vulnerability (Microsoft)
Nortel Response to Microsoft Security Bulletin MS09-037 (Nortel Networks)
Overview of the out-of-band release (Microsoft)
Upgrade your Windows Live Messenger Service (Microsoft)
HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote (security-alert@hp.com)
Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Templa (Microsoft)
Microsoft Security Bulletin MS09-034 (Microsoft)
Microsoft Security Bulletin MS09-035 (Microsoft)
Microsoft Security Bulletin MS09-037 (Microsoft)
Microsoft Security Bulletin MS09-060 (Microsoft)

Privacy Statement
Copyright 2010, SecurityFocus