Author Topic: Anyone who has done Microsoft ATL coding  (Read 1266 times)

0 Members and 1 Guest are viewing this topic.

Offline Echelon9

  • 210
Anyone who has done Microsoft ATL coding
.. should read this MS Security Advisory.

Microsoft shipped publicly, and used internally private ATL libraries which contain security vulnerabilities. Key takeaway is that you may need to recompile programs utilising ATL code with the patched libraries for them to be secure.

Affects Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005 Redistributable Package, and Microsoft Visual C++ 2008 Redistributable Package.

Further Visual Studio details here, and the implications for Internet Explorer (which utilised the vulnerable ATL libraries) as one example affected program here.

 
Re: Anyone who has done Microsoft ATL coding
Unfortunately, this one is not surprising:
Code: [Select]
OleLoadFromStream
FSO should be fine - there's nothing we can do about controls that Microsoft distribute, and we don't use any of the affected components (and we don't use ATL serialization either).

Cheers for the pointer! (*groan*)
STRONGTEA. Why can't the x86 be sane?

 

Offline Echelon9

  • 210
Re: Anyone who has done Microsoft ATL coding
Cheers for the pointer! (*groan*)
Lame joke of the week award :)