Visual Studio Active Template Library uninitialized objectAdded: 07/30/2009
BackgroundMicrosoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library (ATL), which is a set of template-based C++ classes, to help simplify the programming of Component Object Model (COM) objects.
ProblemA flaw in the way the Microsoft Active Template Library (ATL) handles certain ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized, leading to command execution when a user opens a specially crafted web page.
ResolutionApply the patch referenced in Microsoft Security Bulletin 09-035.
LimitationsExploit works on Microsoft Visual Studio 2005 and requires a user to load the exploit page in Internet Explorer 6 or 7. In order for the exploit to succeed, Internet Explorer must have the option "Initialize and script ActiveX controls not marked as safe" set to "Enable", because the affected ActiveX control is marked not safe. Also note that, due to the nature of the vulnerability, the exploit only works when the exploit server is specified as an IP address rather than a host/domain name.
Back to exploit index