
COM object

iDefense Security Advisory 08.11.09: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability

Microsoft's Component Object Model (COM) was designed to allow
interoperability between disjointed software components. It is a
standardized interface solution to the programming dilemmas involved in
object oriented programming, distributed transactions, and
inter-language communications. COM is involved at some level in DDE,
OLE, COM+, ActiveX, and DCOM. COM objects can be embedded in various
document formats, Web Pages, and various other media technologies.
Microsoft's Active Template Library (ATL) is a set of C++ templates
that simplify developing COM objects. More information on COM and ATL
can be found at the following URLs.


iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability

Microsoft's Component Object Model (COM) was designed to allow
interoperability between disjointed software components. It is a
standardized interface solution to the programming dilemmas involved in
object oriented programming, distributed transactions, and
inter-language communications. COM is involved at some level in DDE,
OLE, COM+, ActiveX, and DCOM. COM objects can be embedded in various
document formats, Web Pages, and various other media technologies.
Microsoft's Active Template Library (ATL) is a set of C++ templates
that simplify developing COM objects. More information on COM and ATL
can be found at the following URLs.


iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability

Microsoft's Component Object Model (COM) was designed to allow
interoperability between disjointed software components. It is a
standardized interface solution to the programming dilemmas involved in
object oriented programming, distributed transactions, and
inter-language communications. COM is involved at some level in DDE,
OLE, COM+, ActiveX, and DCOM. COM objects can be embedded in various
document formats, Web Pages, and various other media technologies.
Microsoft's Active Template Library (ATL) is a set of C++ templates
that simplify developing COM objects. More information on COM and ATL
can be found at the following URLs.


[ MDVSA-2009:339 ] firefox

 window from a content window, related to the window.opener property
 (CVE-2009-3986).
 
 The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and
 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different
 exception messages depending on whether the referenced COM object
 is listed in the registry, which allows remote attackers to obtain
 potentially sensitive information about installed software by making
 multiple calls that specify the ProgID values of different COM objects
 (CVE-2009-3987).
 

Re: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion Vulnerability

Amir, et al,

We would not classify this issue as a security vulnerability.  The COM
object in question is *NOT* loadable in Internet Explorer in a default
configuration.

CLSID: {9A077D0D-B4A6-4EC0-B6CF-98526DF589E4}
  ProgId: vbDevKit.CVariantFileSystem
  Path to binary: C:\WINDOWS\vbDevKit.dll
  Doesn't implement IObjectSafety

[ MDVSA-2009:338 ] firefox

 window from a content window, related to the window.opener property
 (CVE-2009-3986).
 
 The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and
 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different
 exception messages depending on whether the referenced COM object
 is listed in the registry, which allows remote attackers to obtain
 potentially sensitive information about installed software by making
 multiple calls that specify the ProgID values of different COM objects
 (CVE-2009-3987).
 



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
