HLP Network

News:

HLP Donations Page has been reworked for supporting the site.
Please note that the previous "Tiers" are currently not operational (but will be worked on).
You can still cancel any previous re-occurring donations to make new ones which will go to the new Treasurer Admin (Zacam).

 
« Previous Thread Next Thread »
Print
Pages: [1]   Go Down

Author Topic: Anyone who has done Microsoft ATL coding  (Read 2056 times)

0 Members and 1 Guest are viewing this topic.

Offline Echelon9

  • 210
Anyone who has done Microsoft ATL coding
on: July 28, 2009, 01:10:12 pm
.. should read this MS Security Advisory.

Microsoft shipped publicly, and used internally private ATL libraries which contain security vulnerabilities. Key takeaway is that you may need to recompile programs utilising ATL code with the patched libraries for them to be secure.

Affects Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005 Redistributable Package, and Microsoft Visual C++ 2008 Redistributable Package.

Further Visual Studio details here, and the implications for Internet Explorer (which utilised the vulnerable ATL libraries) as one example affected program here.
 

Offline portej05

  • 29
Re: Anyone who has done Microsoft ATL coding
Reply #1 on: July 28, 2009, 09:35:40 pm
Unfortunately, this one is not surprising:
Code: [Select]
OleLoadFromStream
FSO should be fine - there's nothing we can do about controls that Microsoft distribute, and we don't use any of the affected components (and we don't use ATL serialization either).

Cheers for the pointer! (*groan*)
STRONGTEA. Why can't the x86 be sane?
 

Offline Echelon9

  • 210
Re: Anyone who has done Microsoft ATL coding
Reply #2 on: July 28, 2009, 09:45:35 pm
Quote from: portej05 on July 28, 2009, 09:35:40 pm
Cheers for the pointer! (*groan*)
Lame joke of the week award :)
Print
Pages: [1]   Go Up
« Previous Thread Next Thread »