• 공개일 : 2009-07-29
• 변경일 : 2010-05-25
• 위험도 : 낮음
• 공격 범위 : 사용자가 공격자에게 접근해야 공격 가능, 인터넷
• 피해 유형 : 무결성 훼손, 가용성 침해, 기밀 유출

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

• HP, HPSBMA02488
• SUSE, SUSE-SA:2009:053
• MISC, http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-usin..
• SECUNIA, 36746
• SECUNIA, 36374
• SECUNIA, 36187
• HP, HPSBMA02488
• SECUNIA, 38568
• SUNALERT, 264648
• SUNALERT, 1020775
• SUNALERT, 266108
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-10.html
• MS, MS09-055
• MS, MS09-037
• CONFIRM, http://www.adobe.com/support/security/bulletins/apsb09-13.html
• MS, MS09-060
• MS, MS09-072
• VUPEN, ADV-2009-2232
• VUPEN, ADV-2009-2034
• CONFIRM 패치, http://www.adobe.com/support/security/advisories/apsa09-04.html
• CONFIRM, http://www.novell.com/support/viewContent.do?externalId=7004997&slice..
• CONFIRM, http://www.openoffice.org/security/cves/CVE-2009-2493.html
• VUPEN, ADV-2010-0366
• MS 보안 권고문, 패치, MS09-035
• CONFIRM 패치, http://www.adobe.com/support/security/bulletins/apsb09-11.html
• CERT, TA09-195A
• CERT, TA09-286A
• CERT, TA09-223A
• CERT, TA09-342A

• Microsoft visual_studio_.net 2003 sp1
• Microsoft visual_studio 2008 sp1
• Microsoft visual_studio 2005 sp1:64_bit_hosted_visual_c++_tools
• Microsoft visual_studio 2005 sp1
• Microsoft visual_c++ 2008 sp1_redistribution_pkg
• Microsoft visual_c++ 2008 redistribution_pkg
• Microsoft visual_c++ 2005 sp1_redistribution_pkg