MS09-035 Vulnerability & Impact On Application Development
https://stackoverflow.com/questions/1212652
-
06-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Does anyone know if these patches http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx and http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx will apply to software built using one of the 'pure' (ie. not managed C++) .NET languages?
I believe the answer is that they are unaffected as this seems to be a pure ATL vulnerability, but don't have enough knowledge in the underlying usage of ATL in the CLR to know.
Solution
In the Affected and Non-Affected Software section, Visual Studio 2003, 2005, 2008 are listed, but the .NET frameworks are not listed.
There's a section on the page that provides developer details: Active Template Library Security Update for Developers and that article is explicitly targetted at Visual C++ developers and makes no mention of the .NET framework.
So given the above lack of mention of .NET framework: No News is Good News!
You can also follow this diagram to determine if you're vulnerable:
