CVE-2009-2493

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-2493 at MITRE

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 548655, 558653, 564513, 566705

SUSE Security Advisories:

SUSE-SA:2009:041, published Wed, 05 Aug 2009 09:00:00 +0000
SUSE-SA:2009:053, published Wed, 04 Nov 2009 15:00:00 +0000
SUSE-SA:2010:002, published Tue, 12 Jan 2010 08:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 10 SP2 for x86	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-alsa >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-demo >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-jdbc >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-plugin >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-src >= 1.5.0_sr11-0.4.1`	sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ppc sles10-sp2.s390x sled10-sp2.x86-64 ZYPP Patch Nr: 6740
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-demo >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-src >= 1.5.0_sr11-0.4.1`	sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ppc sles10-sp2.s390x sled10-sp2.x86-64 ZYPP Patch Nr: 6740
SUSE Linux Enterprise Server 10 SP2 for x86	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-alsa >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-jdbc >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-plugin >= 1.5.0_sr11-0.4.1`	sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ppc sles10-sp2.s390x sled10-sp2.x86-64 ZYPP Patch Nr: 6740
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-64bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-jdbc >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-plugin >= 1.5.0_sr11-0.4.1`	sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ppc sles10-sp2.s390x sled10-sp2.x86-64 ZYPP Patch Nr: 6740
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.1`	sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ppc sles10-sp2.s390x sled10-sp2.x86-64 ZYPP Patch Nr: 6740
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.1` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.1`	sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ppc sles10-sp2.s390x sled10-sp2.x86-64 ZYPP Patch Nr: 6740
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`flash-player >= 9.0.246.0-0.3`	sled10-sp2.x86-64 sled10-sp2.x86 ZYPP Patch Nr: 6386
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`flash-player >= 9.0.246.0-0.1`	sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12464
openSUSE 10.3	`flash-player >= 9.0.246.0-0.1`
SUSE Linux Enterprise Desktop 10 SP3 for x86	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-demo >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-jdbc >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-plugin >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-src >= 1.5.0_sr11-0.4.2`	sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T	`java-1_5_0-ibm >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-demo >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2` `java-1_5_0-ibm-src >= 1.5.0_sr11-0.4.2`	sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741
Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for x86	`IBMJava5-JRE >= 1.5.0-0.76` `IBMJava5-SDK >= 1.5.0-0.76`	core9.s390 core9.x86 sles9-oes.x86 sles9-nlpos.x86 core9.s390x core9.ppc core9.x86-64 YOU Patch Nr: 12564
SUSE CORE 9 for IBM POWER	`IBMJava5-JRE >= 1.5.0-0.78` `IBMJava5-SDK >= 1.5.0-0.78`	core9.s390 core9.x86 sles9-oes.x86 sles9-nlpos.x86 core9.s390x core9.ppc core9.x86-64 YOU Patch Nr: 12564

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute