What is the severity of CVE-2009-2493?

CVE-2009-2493 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2009-2493?

No known public exploits are currently available for CVE-2009-2493.

Is there a patch available for CVE-2009-2493?

Yes, patches are available for CVE-2009-2493. Check the vendor advisories for update instructions.

CVE-2009-2493 - CVE Details, Severity, and Analysis

CVE-2009-2493 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v30.0

CVSS v29.3

Priority Score0.0

EPSS Score42.0

None

Exploitation LikelihoodHigh

42.00%EPSS

High probability of exploitation in the next 30 days

Prioritize patching within days

42.00%

EPSS

0.0

CVSS

Exploit

Yes

Patch

Medium Priority

high EPSS

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Patch References

[email protected][email protected]Zeroday CZ

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Microsoft	Windows Vista
Microsoft