The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.0.601. Such versions were compiled against a version of Microsoft's Active Template Library (ATL) that contained a vulnerability. If an attacker can trick a user of the affected software into opening such a file, this issue could be leveraged to execute arbitrary code with the privileges of that user.

Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870).

One or more ActiveX controls included in Microsoft Outlook or Visio and installed on the remote Windows host was compiled with a version of Microsoft Active Template Library (ATL) that is affected by potentially several vulnerabilities :

  - An issue in the ATL headers could allow an attacker to     force VariantClear to be called on a VARIANT that has     not been correctly initialized and, by supplying a     corrupt stream, to execute arbitrary code.
    (CVE-2009-0901)

  - Unsafe usage of 'OleLoadFromStream' could allow     instantiation of arbitrary objects which can bypass     related security policy, such as kill bits within     Internet Explorer. (CVE-2009-2493)

  - An attacker who is able to run a malicious component or     control built using Visual Studio ATL can, by     manipulating a string with no terminating NULL byte,     read extra data beyond the end of the string and thus     disclose information in memory. (CVE-2009-2495)

Specially crafted Flash (SWF) files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. (CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 / CVE-2009-1868 / CVE-2009-1869 / CVE-2009-1870)

The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly affected by multiple vulnerabilities : 

  - A memory corruption vulnerability that could potentially     lead to code execution. (CVE-2009-1862) 

  - A vulnerability in the Microsoft Active Template Library     (ATL) which could allow an attacker who successfully     exploits the vulnerability to take control of the     affected system. (CVE-2009-0901, CVE-2009-2395,     CVE-2009-2493) 

  - A privilege escalation vulnerability that could     potentially lead to code execution. (CVE-2009-1863)

  - A heap overflow vulnerability that could potentially     lead to code execution. (CVE-2009-1864) 

  - A NULL pointer vulnerability that could potentially     lead to code execution. (CVE-2009-1865) 

  - A stack overflow vulnerability that could potentially     lead to code execution. (CVE-2009-1866) 

  - A clickjacking vulnerability that could allow an     attacker to lure a web browser user into unknowingly     clicking on a link or dialog. (CVE-2009-1867 

  - A URL parsing heap overflow vulnerability that could     potentially lead to code execution. (CVE-2009-1868)

  - An integer overflow vulnerability that could potentially     lead to code execution. (CVE-2009-1869) 

  - A local sandbox vulnerability that could potentially     lead to information disclosure when SWFs are saved to     the hard drive. CVE-2009-1870)

The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities :

  - On systems with components and controls installed that     were built using Visual Studio ATL, an issue in the ATL     headers could allow an attacker to force VariantClear     to be called on a VARIANT that has not been correctly     initialized and, by supplying a corrupt stream, to     execute arbitrary code. (CVE-2009-0901)

  - On systems with components and controls installed that     were built using Visual Studio ATL, unsafe usage of     OleLoadFromStream could allow instantiation of     arbitrary objects that can bypass related security     policy, such as kill bits within Internet Explorer.
    (CVE-2009-2493)

  - On systems with components and controls installed that     were built using Visual Studio ATL, an issue in the ATL     headers could allow a string to be read without a     terminating NULL character, which could lead to     disclosure of information in memory. (CVE-2009-2495)

The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities :

  - A remote code execution issue affects the Microsoft     Video ActiveX Control due to the a flaw in the function     'CComVariant::ReadFromStream' used in the ATL header,     which fails to properly restrict untrusted data read     from a stream. (CVE-2008-0015)

  - A remote code execution issue exists in the Microsoft     Active Template Library due to an error in the 'Load'     method of the 'IPersistStreamInit' interface, which     could allow calls to 'memcpy' with untrusted data.
    (CVE-2008-0020)

  - An issue in the ATL headers could allow an attacker to     force VariantClear to be called on a VARIANT that has     not been correctly initialized and, by supplying a     corrupt stream, to execute arbitrary code.
    (CVE-2009-0901)

  - Unsafe usage of 'OleLoadFromStream' could allow     instantiation of arbitrary objects which can bypass     related security policy, such as kill bits within     Internet Explorer. (CVE-2009-2493)

  - A bug in the ATL header could allow reading a variant     from a stream and leaving the variant type read with     an invalid variant, which could be leveraged by an     attacker to execute arbitrary code remotely.
    (CVE-2009-2494)

According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.

ID	Name	Product	Family	Published	Updated	Severity
40421	Shockwave Player < 11.5.0.601 Multiple Vulnerabilities (APSB09-11)	Nessus	Windows	7/29/2009	11/15/2018	high
40488	openSUSE Security Update : flash-player (flash-player-1148)	Nessus	SuSE Local Security Checks	8/5/2009	6/8/2022	high
42116	MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)	Nessus	Windows : Microsoft Bulletins	10/14/2009	11/15/2018	high
40489	openSUSE Security Update : flash-player (flash-player-1148)	Nessus	SuSE Local Security Checks	8/5/2009	6/8/2022	high
41392	SuSE 11 Security Update : flash-player (SAT Patch Number 1149)	Nessus	SuSE Local Security Checks	9/24/2009	6/8/2022	high
42001	openSUSE 10 Security Update : flash-player (flash-player-6387)	Nessus	SuSE Local Security Checks	10/6/2009	6/8/2022	high
40434	Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10)	Nessus	Windows	7/30/2009	6/8/2022	high
51731	SuSE 10 Security Update : flash-player (ZYPP Patch Number 6386)	Nessus	SuSE Local Security Checks	1/27/2011	6/8/2022	high
40435	MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)	Nessus	Windows : Microsoft Bulletins	7/30/2009	8/5/2020	high
40556	MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)	Nessus	Windows : Microsoft Bulletins	8/11/2009	8/5/2020	high
108811	Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)	Nessus	Windows	4/3/2018	8/5/2020	critical

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

critical