Credit:
The information has been provided by Ryan Smith.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/
Vulnerable Systems:
* Microsoft ATL/MFC version 3.0
One aspect of COM is a process called initialization. This process allows a program to load and store a COM object within various containers, such as OLE compound storage files and raw streams.
Depending upon certain characteristics of an OLE component designed with certain versions of the Microsoft ATL, it is possible to cause an object to use a variant of type VT_BSTR as a different object. In certain circumstances, an encoded BSTR can cause ATL code to set the COM type without checking whether the type was successfully coerced. Upon return, the BSTR is treated as an object, which allows an attacker to specify an address to call.
Exploitation of this vulnerability will result in the execution of arbitrary code. Attack vectors include Internet Explorer, WordPad, Microsoft Office, and any other program that loads arbitrary persistence data.
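The unchecked-coercion pattern described above, reduced to a portable C model and shown beside a form that checks the result. This is an added example, not ATL source or code from the original advisory; `struct variant`, `coerce`, `load_unchecked`, `load_checked` and `is_confused` are hypothetical names, and the persisted strings are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model (assumption), not ATL source: a tagged value like a COM VARIANT. */
enum vtype { T_EMPTY, T_BSTR, T_OBJECT };
struct object { int (*invoke)(void); };   /* stands in for an interface pointer */
struct variant {
    enum vtype type;
    union { const char *str; struct object *obj; } u;
};

static int hello(void) { return 42; }
static struct object known_object = { hello };

/* Hypothetical coercion: only the string "known" maps to an object.
   Returns 0 on success, -1 on failure; on failure v is left untouched. */
static int coerce(struct variant *v, enum vtype want) {
    if (v->type == want) return 0;
    if (v->type == T_BSTR && want == T_OBJECT && strcmp(v->u.str, "known") == 0) {
        v->u.obj = &known_object;
        v->type = T_OBJECT;
        return 0;
    }
    return -1;
}

/* Flawed pattern: the coercion result is ignored and the tag is set anyway. */
void load_unchecked(struct variant *v, const char *persisted, enum vtype want) {
    v->type = T_BSTR; v->u.str = persisted;
    (void)coerce(v, want);
    v->type = want;   /* tag may now claim T_OBJECT while the payload is still a string */
}

/* Corrected pattern: fail closed when coercion does not succeed. */
int load_checked(struct variant *v, const char *persisted, enum vtype want) {
    v->type = T_BSTR; v->u.str = persisted;
    if (coerce(v, want) != 0) {
        v->type = T_EMPTY; v->u.str = NULL;   /* never hand back a half-typed value */
        return -1;
    }
    return 0;
}

/* Tag/payload consistency check: 1 if the tag says object but the payload is not one. */
int is_confused(const struct variant *v) {
    return v->type == T_OBJECT && v->u.obj != &known_object;
}
```
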
Patch Availability:
Microsoft has released a security bulletin which addresses this issue. For more information, consult their advisory at the following URL:
http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx
CVE Information:
CVE-2009-2494
Disclosure Timeline:
12/05/2008 Initial Contact
07/29/2009 Material presented at BlackHat USA
08/11/2009 Public disclosure via MS09-037