Active Template Library (ATL) Vulnerability

Certain Cisco products ( Cisco Unity 4.x, 5x., and 7.x ) that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution.

In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml.


Published by

Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

One thought on “Active Template Library (ATL) Vulnerability”

Any opinion on this post? Please let me know:

This site uses Akismet to reduce spam. Learn how your comment data is processed.