What is the severity of CVE-2009-0901?

CVE-2009-0901 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.

How do I fix CVE-2009-0901?

To fix CVE-2009-0901, apply the latest security patches released by Microsoft for the affected Visual Studio and Visual C++ versions.

Which software versions are affected by CVE-2009-0901?

CVE-2009-0901 affects Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1, Visual Studio 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1.

Is CVE-2009-0901 related to Active Template Library (ATL)?

Yes, CVE-2009-0901 specifically involves a vulnerability within Active Template Library (ATL) implementations.

What could happen if CVE-2009-0901 is exploited?

If exploited, CVE-2009-0901 could allow an attacker to execute arbitrary code on a vulnerable system, potentially taking control of the affected machine.

Vulnerability/
CVE-2009-0901

critical

9.3

CWE

29/7/2009

12/10/2018

CVE-2009-0901: Code Injection

First published: Wed Jul 29 2009(Updated: )

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Microsoft Visual C++	=2005-sp1_redistribution_pkg
Microsoft Visual C++	=2008-redistribution_pkg
Microsoft Visual C++	=2008-sp1_redistribution_pkg
Visual Studio	=2005-sp1
Visual Studio	=2005-sp1
Visual Studio	=2008
Visual Studio	=2008-sp1
Microsoft Visual Studio	=2003-sp1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0901?
CVE-2009-0901 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2009-0901?
To fix CVE-2009-0901, apply the latest security patches released by Microsoft for the affected Visual Studio and Visual C++ versions.
Which software versions are affected by CVE-2009-0901?
CVE-2009-0901 affects Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1, Visual Studio 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1.
Is CVE-2009-0901 related to Active Template Library (ATL)?
Yes, CVE-2009-0901 specifically involves a vulnerability within Active Template Library (ATL) implementations.
What could happen if CVE-2009-0901 is exploited?
If exploited, CVE-2009-0901 could allow an attacker to execute arbitrary code on a vulnerable system, potentially taking control of the affected machine.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/remedy
agent/severity
agent/weakness
agent/references
agent/author
agent/description
agent/event
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/microsoft
canonical/microsoft visual c++
version/microsoft visual c++/2005-sp1_redistribution_pkg
version/microsoft visual c++/2008-redistribution_pkg
version/microsoft visual c++/2008-sp1_redistribution_pkg
canonical/visual studio
version/visual studio/2005-sp1
version/visual studio/2008
version/visual studio/2008-sp1
canonical/microsoft visual studio
version/microsoft visual studio/2003-sp1

CVE-2009-0901: Code Injection

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0901?

How do I fix CVE-2009-0901?

Which software versions are affected by CVE-2009-0901?

Is CVE-2009-0901 related to Active Template Library (ATL)?

What could happen if CVE-2009-0901 is exploited?

Company

Resources

Contact