Novell Home

CVE-2009-0901

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2009-0901 at MITRE

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

No Novell Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 GA
  • flash-player >= 10.0.32.18-0.1.1
sled11.x86-64
sled11.x86
SAT Patch Nr: 1149
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.246.0-0.1
sles9-nld.x86-64
sles9-nld.x86
YOU Patch Nr: 12464
openSUSE 11.0
  • flash-player >= 9.0.246.0-0.1
openSUSE 11.1
  • flash-player >= 10.0.32.18-0.1.1

© 2014 Novell