|CERT-In Vulnerability Note
Microsoft Windows Active X Control ATL " OleLoadFromStream " Vulnerability
Original Issue Date:October 15, 2009
Severity Rating: HIGH
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Windows Vista Service Pack 1 and Service Pack 2
- Microsoft Windows Vista x64 Edition Service Pack 1 and Service Pack 2
- Microsoft Windows Server 2008 for 32-bit Systems and Service Pack 2
- Microsoft Windows Server 2008 for x64-based Systems and Service Pack 2
- Microsoft Windows Server 2008 for Itanium-based Systems and Service Pack 2
Multiple vulnerabilities were reported in Microsoft Internet Explorer, which could be exploited by remote attackers to cause arbitrary code to be executed on the target user's system.
The Active Template Library ATL is a set of template-based C++ classes that lets developer create small, fast Component Object Model COM objects. ATL has special support for key COM features, including stock implementations, dual interfaces, standard COM enumerator interfaces, connection points, tear-off interfaces, and ActiveX controls.
A remote code execution vulnerability exists in the Microsoft ActiveTemplate Library ATL due to error in the ATL headers while handling instantiation of an object from data streams. components and controls which are built using ATL, unsafe usage of OleLoadFromStream could allow the instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. This vulnerability could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page having a control compiled with vulnerable ATL headers . Opening this file result in remote code execution and could allow remote attacker to gain access of the affected system with the privileges of logged-on user.
Apply appropriate patches as mentioned in Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003