Vulnerabilities in Microsoft Active Template Library

Vulnerabilities Could Allow Remote Code Execution

Microsoft is releasing this security advisory to provide information about our ongoing investigation into vulnerabilities in the public and private versions of Microsoft’s Active Template Library (ATL). This advisory also provides guidance as to what developers can do to help ensure that the controls and components they have built are not vulnerable to the ATL issues; what IT Professionals and consumers can do to mitigate potential attacks that use the vulnerabilities; and what Microsoft is doing as part of its ongoing investigation into the issue described in this advisory. This security advisory will also provide a comprehensive listing of all Microsoft Security Bulletins and Security Updates related to the vulnerabilities in ATL. Microsoft’s investigation into the private and public versions of ATL is ongoing, and we will release security updates and guidance as appropriate as part of the investigation process.

Microsoft is aware of security vulnerabilities in the public and private versions of ATL. The Microsoft ATL is used by software developers to create controls or components for the Windows platform. The vulnerabilities described in this Security Advisory and Microsoft Security Bulletin MS09-035 could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL. Components and controls created with the vulnerable version of ATL may be exposed to a vulnerable condition due to how ATL is used or due to issues in the ATL code itself.

Read more
This entry was written by admin, posted on August 3, 2009 at 7:30 am, filed under Microsoft. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Both comments and trackbacks are currently closed.