Reputation: 8890
MS09-035 Vulnerability & Impact On Application Development
Does anyone know if these patches http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx and http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx will apply to software built using one of the 'pure' (ie. not managed C++) .NET languages?
I believe the answer is that they are unaffected as this seems to be a pure ATL vulnerability, but don't have enough knowledge in the underlying usage of ATL in the CLR to know.
Upvotes: 2
Views: 401
Answers (1)
Reputation: 43855
In the Affected and Non-Affected Software section, Visual Studio 2003, 2005, 2008 are listed, but the .NET frameworks are not listed.
There's a section on the page that provides developer details: Active Template Library Security Update for Developers and that article is explicitly targetted at Visual C++ developers and makes no mention of the .NET framework.
So given the above lack of mention of .NET framework: No News is Good News!
You can also follow this diagram to determine if you're vulnerable:
Upvotes: 8
Related Questions
- C# Security Risks
- Code Access Security is a joke?
- Security vulnerabilities of the .NET platform?
- Code Security in .Net
- Security in asp .net
- .net Assembly security question
- .NET 3.5 security question
- Application security issues to consider
- Writing secure asp.net applications
- Interesting Security Question for .net developers