• 공개일 : 2009-07-29
• 변경일 : 2010-03-18
• 위험도 : 낮음
• 공격 범위 : 사용자가 공격자에게 접근해야 공격 가능, 인터넷
• 피해 유형 : 무결성 훼손, 기밀 유출, 계정 탈취 (관리자 계정), 가용성 침해

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."

• nvd : Please refer to this link http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx for mitigating factors and additional information.

• HP, SSRT100013
• HP, SSRT100013
• MISC, http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-usin..
• SECUNIA, 36187
• SUNALERT, 266108
• SECUNIA, 36746
• SECUNIA, 36374
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-10.html
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-13.html
• MS, MS09-037
• MS 보안 권고문, MS09-035
• VUPEN, ADV-2009-2034
• MS, MS09-060
• CONFIRM, http://www.novell.com/support/viewContent.do?externalId=7004997&slice..
• CERT, TA09-286A
• CERT, TA09-223A
• CERT, TA09-195A
• BID 패치, 35832
• CONFIRM 패치, http://www.adobe.com/support/security/bulletins/apsb09-11.html
• CONFIRM 패치, http://www.adobe.com/support/security/advisories/apsa09-04.html
• VUPEN, ADV-2009-2232

• Microsoft visual_studio_.net 2003 sp1
• Microsoft visual_studio 2008 sp1
• Microsoft visual_studio 2005 sp1:64_bit_hosted_visual_c++_tools
• Microsoft visual_studio 2005 sp1
• Microsoft visual_c++ 2008 sp1_redistribution_pkg
• Microsoft visual_c++ 2008 redistribution_pkg
• Microsoft visual_c++ 2005 sp1_redistribution_pkg