SecurityHome.eu MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

Home / bulletins

MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) - Version:1.3
Posted on 12 January 2010
There is an newer version: MS09-060 - Version: 1.5
Critical
Severity Rating: Critical - Revision Note: V1.3 (January 12, 2010): Revised this bulletin to announce a detection logic change to fix the issue where the June 9, 2009 update for Outlook 2007 (KB969907) was incorrectly being offered in addition to the update package for Microsoft Office Outlook 2007 (KB972363). This is a deployment change only that does not affect the files contained in the initial update. Customers who have successfully updated their systems do not need to reinstall this update.Summary: This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Link
Other versions
MS09-060 - Version: 1.1
MS09-060 - Version: 1.2
MS09-060 - Version: 1.0
MS09-060 - Version: 1.3
MS09-060 - Version: 1.4
MS09-060 - Version: 1.5

TOP

Bulletins :

Last 20

Exploits :

Last 20