Unrated severityNVD Advisory· Published Jul 29, 2009· Updated Apr 23, 2026
CVE-2009-0901
CVE-2009-0901
Description
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Affected products
8cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_c\+\+:2008:redistribution_pkg:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\+\+_tools:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- www.adobe.com/support/security/advisories/apsa09-04.htmlnvdPatch
- www.adobe.com/support/security/bulletins/apsb09-11.htmlnvdPatch
- www.securityfocus.com/bid/35832nvdPatch
- www.us-cert.gov/cas/techalerts/TA09-195A.htmlnvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA09-223A.htmlnvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA09-286A.htmlnvdUS Government Resource
- blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspxnvd
- marc.infonvd
- secunia.com/advisories/35967nvd
- secunia.com/advisories/36187nvd
- secunia.com/advisories/36374nvd
- secunia.com/advisories/36746nvd
- sunsolve.sun.com/search/document.donvd
- www.adobe.com/support/security/bulletins/apsb09-10.htmlnvd
- www.adobe.com/support/security/bulletins/apsb09-13.htmlnvd
- www.novell.com/support/viewContent.donvd
- www.vupen.com/english/advisories/2009/2034nvd
- www.vupen.com/english/advisories/2009/2232nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581nvd
News mentions
0No linked articles in our index yet.