Systems Affected are listed below:
- Microsoft Windows and Windows Server;
- Microsoft Internet Explorer;
- Microsoft Visual Studio and C++ Redistributable Package;
- ActiveX controls from multiple vendors.
Microsoft has released updates for critical vulnerabilities in Internet Explorer. The updates also include mitigations for attacks against vulnerable ActiveX controls that were created using vulnerable versions of the Active Template Library (ATL).
Vulnerabilities present in the ATL can cause vulnerabilities in the resulting ActiveX controls and COM components. For example, the ATL typographical error described in this Security Development Lifecycle blog post caused the Microsoft Video ActiveX control stack buffer overflow (VU#180513, CVE-2008-0015).
Any ActiveX control or COM component that was created with a vulnerable version of the ATL may be vulnerable. For example, Adobe and Cisco are affected.