Nortel Enterprise Response to Microsoft Security Bulletin MS09-055
Saturday, 17 October 2009 03:29
On Tuesday, Oct 13, Microsoft released MS09-055 - Cumulative Security Update of ActiveX Kill Bits (973525). This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL). It could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control.

Microsoft ratings for MS09-055:

Maximum Severity Rating - Critical

Impact of Vulnerability - Remote Code Execution

Exploitability Index - none - (This vulnerability has already been given an exploitability index assessment in the July bulletin summary. This is because this vulnerability was first addressed in MS09-035.) See also the same CVE number in MS09-060.

Bulletins replaced by this update: MS09-032.

MS09-055 addresses the following CVE:

ATL COM Initialization Vulnerability - CVE-2009-2493
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2493

A remote code execution vulnerability exists in the Microsoft ActiveX controls listed in the FAQ section of this vulnerability, which were compiled using the vulnerable Microsoft Active Template Library described in Microsoft Security Bulletin MS09-035. An attacker could exploit the vulnerability in these controls by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

Before taking any action, please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel secur
Source : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=971050&poid=  
 