Upstream information
Description
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entries: 548655, 558653, 564513, 566705 SUSE Security Advisories:- SUSE-SA:2009:041, published Wed, 05 Aug 2009 09:00:00 +0000
- SUSE-SA:2009:053, published Wed, 04 Nov 2009 15:00:00 +0000
- SUSE-SA:2010:002, published Tue, 12 Jan 2010 08:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 GA |
| sled11.x86-64 sled11.x86 SAT Patch Nr: 1149 |
| SUSE Linux Enterprise Server for SAP 10 SP2 |
| sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.ppc sles10-sp2.s390x sled10-sp2.x86-64 ZYPP Patch Nr: 6740 |
| SUSE Linux Enterprise SDK 11 GA |
| sles11.x86 sle11-sdk.x86-64 sles11.x86-64 sles11.ppc sle11-sdk.ppc sle11-sdk.x86 sle11-sdk.s390x sles11.s390x SAT Patch Nr: 1497 |
| SUSE Linux Enterprise SDK 11 GA |
| sles11.x86 sle11-sdk.x86-64 sles11.x86-64 sles11.ppc sle11-sdk.ppc sle11-sdk.x86 sle11-sdk.s390x sles11.s390x SAT Patch Nr: 1497 |
| SUSE Linux Enterprise Server 11 GA |
| sles11.x86 sle11-sdk.x86-64 sles11.x86-64 sles11.ppc sle11-sdk.ppc sle11-sdk.x86 sle11-sdk.s390x sles11.s390x SAT Patch Nr: 1497 |
| SUSE Linux Enterprise Server 11 GA |
| sles11.x86 sle11-sdk.x86-64 sles11.x86-64 sles11.ppc sle11-sdk.ppc sle11-sdk.x86 sle11-sdk.s390x sles11.s390x SAT Patch Nr: 1497 |
| Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 |
| sles9-nld.x86-64 sles9-nld.x86 YOU Patch Nr: 12464 |
| openSUSE 11.0 |
| |
| openSUSE 11.1 |
| |
| SUSE Linux Enterprise Desktop 10 SP3 for x86 |
| sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741 |
| SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T |
| sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741 |
| SUSE Linux Enterprise Server 10 SP3 |
| sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741 |
| SUSE Linux Enterprise Server 10 SP3 |
| sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741 |
| SUSE Linux Enterprise Server 10 SP3 |
| sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741 |
| SUSE Linux Enterprise SDK 10 SP3 |
| sles10-sp3.ppc sles10-sp3.s390x sled10-sp3.x86-64 sles10-sp3.x86-64 sled10-sp3.x86 sles10-sp3.x86 ZYPP Patch Nr: 6741 |
| Open Enterprise Server |
| core9.s390 core9.x86 sles9-oes.x86 sles9-nlpos.x86 core9.s390x core9.ppc core9.x86-64 YOU Patch Nr: 12564 |
List of products where fixes are in QA
SUSE Linux Enterprise SDK 11 GASUSE Linux Enterprise Server 11 GA