Some vulnerabilities have been reported in Microsoft Visual Studio, which can be exploited by malicious people to potentially bypass security features, gain knowledge of sensitive information, or compromise applications built using ATL (Active Template Library).

1) An error in the ATL headers when handling persisted streams can be exploited to cause VariantClear() to be called on a VARIANT that has not been correctly initialised. This can e.g. be exploited to corrupt memory via a web page passing a specially crafted stream to a vulnerable control.

Successful exploitation may allow execution of arbitrary code.

2) An error in the ATL headers when handling object instantiation from data streams may allow bypassing of security policies such as kill-bits in Internet Explorer if a control or component uses OleLoadFromStream() in an unsafe manner.

3) An error in ATL may result in a string being read without terminating NULL bytes, which can be exploited to disclose memory contents beyond the end of the string.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) The vendor credits David Dewey, IBM ISS X-Force.
2-3) The vendor credit Ryan Smith, iDefense Labs.

Changelog
Further details available to Secunia VIM customers

Original Advisory
MS09-035 (KB969706, KB971089, KB971090, KB971091, KB971092, KB973544, KB973551, KB973552, KB973830, KB973673, KB973674, KB973675):
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers