Remote code execution in Microsoft Windows



Published: 2009-07-28 | Updated: 2016-12-23
Risk Critical
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2009-2493
CWE-ID CWE-665
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
Subscribe
Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Microsoft Active Template Library
Client/Desktop applications / Plugins for browsers, ActiveX components

Vendor Microsoft

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Improper initialization

EUVDB-ID: #VU1474

Risk: Critical

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2009-2493

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper initialization in the Microsoft Active Template Library (ATL) when handling objects from data streams related to unsafe usage of OleLoadFromStream() function. A remote attacker can create a specially crafted Web site that instantiates a vulnerable component or control using the IE browser, trick the victim into viewing it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install update from vendor's website:

Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyID=edfea805-9544-4dc0-a52c-d7594205657b
http://go.microsoft.com/fwlink/?LinkId=157386
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyID=171d43d3-669c-4923-b266-e47591833c05
http://go.microsoft.com/fwlink/?LinkId=157386
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=c08623bf-94bc-4c50-8c10-f50fb8448a0b
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=f3249c99-82e4-45dc-a254-28e647e822c8
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=1ad3f7b3-58d5-4507-ae20-a265e47cee9c
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=575e75d9-e348-4fbb-9eaa-43240e4d715e
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=7313c03b-8844-4086-a0cc-43dfdb3ca48c
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=7216bcb1-ff16-402b-ad1b-1500d46d0157
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=51eb56fa-8204-45f3-86d7-6d03a2c8d78d
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=131b047a-ae93-4a99-83e5-71d5a79e96ea
http://go.microsoft.com/fwlink/?LinkId=157386
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyID=3d16c5bf-ee5c-4220-9755-5cb92eac2aae
http://go.microsoft.com/fwlink/?LinkId=157386
Windows 7 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=b64bcc14-38a7-45b9-8f85-acc573777506
Windows 7 x64 Edition:
https://www.microsoft.com/downloads/details.aspx?FamilyID=809e29f3-ec68-4a2b-b04e-11759dd16001
Windows Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=bcd2b944-6852-48f2-820b-cce7d195e391
Windows Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyID=85e76e55-3766-4ffe-9a18-8655de935b7c

Vulnerable software versions

Windows: 7 - XP

Windows Server: 2003 - 2008

Microsoft Active Template Library: All versions

External links

http://technet.microsoft.com/en-us/library/security/ms09-055.aspx
http://technet.microsoft.com/en-us/library/security/ms09-060.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.



###SIDEBAR###