CVE-2009-2495

 

  • Severity Score: 7.8 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2009-07-17 CVE Reserved
  • 2009-07-29 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Microsoft | Visual C++ | 2005 | sp1_redistribution_pkg | Affected |
| Microsoft | Visual C++ | 2008 | redistribution_pkg | Affected |
| Microsoft | Visual C++ | 2008 | sp1_redistribution_pkg | Affected |
| Microsoft | Visual Studio | 2005 | sp1 | Affected |
| Microsoft | Visual Studio | 2005 | sp1, 64_bit_hosted_visual_c++_tools | Affected |
| Microsoft | Visual Studio | 2008 | - | Affected |
| Microsoft | Visual Studio | 2008 | sp1 | Affected |
| Microsoft | Visual Studio .net | 2003 | sp1 | Affected |