VYPR
Medium severity6.5NVD Advisory· Published Jul 29, 2009· Updated Jun 16, 2026

CVE-2009-2495

CVE-2009-2495

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visual_c\+\+:2008:redistribution_pkg:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*
    • (no CPE)range: 2005 SP1, 2008 Gold and SP1
  • cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\+\+_tools:*:*:*:*:*
    • cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
    • (no CPE)range: 2003 SP1, 2005 SP1, 2008 Gold and SP1
  • cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.