RCE in Microsoft Visual_c\+\+
CVE-2009-2493
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1…
EPSS: 0.526 (98.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Visual_c\+\+ — versions 2005, 2008
- Microsoft Visual_studio — versions 2003, 2005, 2008
- Microsoft Windows_2000
- Microsoft Windows_2003_server
- Microsoft Windows_server_2008
- Microsoft Windows_vista
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secure@microsoft.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
- secure@microsoft.com (vendor-advisory, x_refsource_SUNALERT, Broken Link)
- secure@microsoft.com (signature, x_refsource_OVAL, vdb-entry)
- secure@microsoft.com (vdb-entry, x_refsource_VUPEN)
- secure@microsoft.com (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
- secure@microsoft.com (signature, x_refsource_OVAL, vdb-entry)
- secure@microsoft.com (x_refsource_CONFIRM, Third Party Advisory)
- secure@microsoft.com (x_refsource_CONFIRM, Third Party Advisory)
- secure@microsoft.com (x_refsource_CONFIRM, Third Party Advisory)
- secure@microsoft.com (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
Frequently asked questions
- What is CVE-2009-2493?
- CVE-2009-2493 is a high-severity vulnerability in Microsoft Visual_c\+\+, classified under CWE-264. CVSS score: 8.8/10. Published 2009-07-29.
- How severe is CVE-2009-2493?
- High severity. CVSS v3 base score is 8.8 out of 10.
- Is CVE-2009-2493 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.