Hard Light Productions Forums

Off-Topic Discussion => Programming => Topic started by: Echelon9 on July 28, 2009, 01:10:12 pm

Title: Anyone who has done Microsoft ATL coding
Post by: Echelon9 on July 28, 2009, 01:10:12 pm

.. should read this MS Security Advisory (http://www.microsoft.com/technet/security/advisory/973882.mspx).

Microsoft shipped publicly, and used internally private ATL libraries which contain security vulnerabilities. Key takeaway is that you may need to recompile programs utilising ATL code with the patched libraries for them to be secure.

Affects Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005 Redistributable Package, and Microsoft Visual C++ 2008 Redistributable Package.

Further Visual Studio details here (http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx), and the implications for Internet Explorer (which utilised the vulnerable ATL libraries) as one example affected program here (http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx).

Title: Re: Anyone who has done Microsoft ATL coding
Post by: portej05 on July 28, 2009, 09:35:40 pm

Unfortunately, this one is not surprising:

Code: [Select]

OleLoadFromStream
FSO should be fine - there's nothing we can do about controls that Microsoft distribute, and we don't use any of the affected components (and we don't use ATL serialization either).

Cheers for the pointer! (*groan*)

Title: Re: Anyone who has done Microsoft ATL coding
Post by: Echelon9 on July 28, 2009, 09:45:35 pm

Quote from: portej05 on July 28, 2009, 09:35:40 pm

Cheers for the pointer! (*groan*)

Lame joke of the week award :)