MS.ATL.Uninitialized.Object.Code.Execution
Description
This indicates an attack attempt against an ActiveX control that built upon on vulnerable Microsoft ATL.
The vulnerable version of this ATL is shipped as official ATL release by Visual Studio prior to VS2008 SP1.
Affected Products
Microsoft Visual Studio .NET 2003 Service Pack 1
Microsoft Visual Studio 2005 Service Pack 1
Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools
Microsoft Visual Studio 2008
Microsoft Visual Studio 2008 Service Pack 1
Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patches, available from the web site:
http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |