Novell Home

CVE-2009-2493

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2009-2493 at MITRE

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 548655, 558653, 564513, 566705

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 GA
  • flash-player >= 10.0.32.18-0.1.1
sled11.x86-64
sled11.x86
SAT Patch Nr: 1149
SUSE Linux Enterprise Server for SAP 10 SP2
  • java-1_5_0-ibm >= 1.5.0_sr11-0.4.1
  • java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.1
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr11-0.4.1
  • java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.1
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.1
  • java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.1
sled10-sp2.x86
sles10-sp2.x86
sles10-sp2.x86-64
sles10-sp2.ppc
sles10-sp2.s390x
sled10-sp2.x86-64
ZYPP Patch Nr: 6740
SUSE Linux Enterprise SDK 11 GA
  • java-1_6_0-ibm >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr6-1.1.1
sles11.x86
sle11-sdk.x86-64
sles11.x86-64
sles11.ppc
sle11-sdk.ppc
sle11-sdk.x86
sle11-sdk.s390x
sles11.s390x
SAT Patch Nr: 1497
SUSE Linux Enterprise SDK 11 GA
  • java-1_6_0-ibm-devel >= 1.6.0_sr6-1.1.1
sles11.x86
sle11-sdk.x86-64
sles11.x86-64
sles11.ppc
sle11-sdk.ppc
sle11-sdk.x86
sle11-sdk.s390x
sles11.s390x
SAT Patch Nr: 1497
SUSE Linux Enterprise Server 11 GA
  • java-1_6_0-ibm >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr6-1.1.1
sles11.x86
sle11-sdk.x86-64
sles11.x86-64
sles11.ppc
sle11-sdk.ppc
sle11-sdk.x86
sle11-sdk.s390x
sles11.s390x
SAT Patch Nr: 1497
SUSE Linux Enterprise Server 11 GA
  • java-1_6_0-ibm >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr6-1.1.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr6-1.1.1
sles11.x86
sle11-sdk.x86-64
sles11.x86-64
sles11.ppc
sle11-sdk.ppc
sle11-sdk.x86
sle11-sdk.s390x
sles11.s390x
SAT Patch Nr: 1497
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • flash-player >= 9.0.246.0-0.1
sles9-nld.x86-64
sles9-nld.x86
YOU Patch Nr: 12464
openSUSE 11.0
  • flash-player >= 9.0.246.0-0.1
openSUSE 11.1
  • flash-player >= 10.0.32.18-0.1.1
SUSE Linux Enterprise Desktop 10 SP3 for x86
  • java-1_5_0-ibm >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-demo >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-plugin >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-src >= 1.5.0_sr11-0.4.2
sles10-sp3.ppc
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.x86-64
sled10-sp3.x86
sles10-sp3.x86
ZYPP Patch Nr: 6741
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-demo >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-src >= 1.5.0_sr11-0.4.2
sles10-sp3.ppc
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.x86-64
sled10-sp3.x86
sles10-sp3.x86
ZYPP Patch Nr: 6741
SUSE Linux Enterprise Server 10 SP3
  • java-1_5_0-ibm >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-plugin >= 1.5.0_sr11-0.4.2
sles10-sp3.ppc
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.x86-64
sled10-sp3.x86
sles10-sp3.x86
ZYPP Patch Nr: 6741
SUSE Linux Enterprise Server 10 SP3
  • java-1_5_0-ibm >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-64bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-plugin >= 1.5.0_sr11-0.4.2
sles10-sp3.ppc
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.x86-64
sled10-sp3.x86
sles10-sp3.x86
ZYPP Patch Nr: 6741
SUSE Linux Enterprise Server 10 SP3
  • java-1_5_0-ibm >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2
sles10-sp3.ppc
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.x86-64
sled10-sp3.x86
sles10-sp3.x86
ZYPP Patch Nr: 6741
SUSE Linux Enterprise SDK 10 SP3
  • java-1_5_0-ibm >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr11-0.4.2
  • java-1_5_0-ibm-fonts >= 1.5.0_sr11-0.4.2
sles10-sp3.ppc
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.x86-64
sled10-sp3.x86
sles10-sp3.x86
ZYPP Patch Nr: 6741
Open Enterprise Server
  • IBMJava5-JRE >= 1.5.0-0.76
  • IBMJava5-SDK >= 1.5.0-0.76
core9.s390
core9.x86
sles9-oes.x86
sles9-nlpos.x86
core9.s390x
core9.ppc
core9.x86-64
YOU Patch Nr: 12564

List of products where fixes are in QA

SUSE Linux Enterprise SDK 11 GA
SUSE Linux Enterprise Server 11 GA

© 2014 Novell