Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Microsoft Corporation Information for VU#456745

Date Notified:
Date Updated:2009-07-28
Statement Date:
Status Summary:Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

Addendum

Apply an update
    This vulnerability has been addressed in the update for Internet Explorer provided in Microsoft Security Bulletin MS09-034. This update helps prevent ActiveX controls that were built with the vulnerable ATL versions from being initialized with unsafe data patterns in Internet Explorer. This also includes techniques that can be used to bypass the kill bit in Internet Explorer.

    Update and recompile ActiveX controls

    Developers who have created ActiveX controls using Microsoft ATL should install the update for Microsoft Security Bulletin MS09-035 and recompile the ActiveX controls. This will cause the controls to use an updated ATL version that addresses these vulnerabilities.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2012 by US-CERT, a government organization
Disclaimers and copyright information