Certain Cisco products ( Cisco Unity 4.x, 5x., and 7.x ) that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution.
In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.
Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml.
One thought on “Active Template Library (ATL) Vulnerability”