Boost :

Date view	Thread view	Subject view	Author view

Subject: [boost] Microsoft Security Bulletin MS09-03: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
From: Christian Eckstein (halserbe_at_[hidden])
Date: 2009-08-12 10:24:54

Next message: Vicente Botet Escriba: "Re: [boost] persistence library proposal ( with prototypeimplementation )"
Previous message: Stefan Strasser: "Re: [boost] persistence library proposal ( with prototypeimplementation )"
Next in thread: Neil Groves: "Re: [boost] Microsoft Security Bulletin MS09-03: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)"
Reply: Neil Groves: "Re: [boost] Microsoft Security Bulletin MS09-03: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)"

Hi,

I need to know the impact of the following security bulletin on Boost:
Microsoft Security Bulletin MS09-03: Vulnerabilities in Visual Studio Active
Template Library Could Allow Remote Code Execution (969706).

I found usage of ATL only in the range and regex libraries and it seems
that only string and array classes are used. None of the problematic methods
seem to be used that are described in the checklist at
http://msdn.microsoft.com/en-us/visualc/ee309358.aspx.

   - No class implements IUnknown so there is no ActiveX control.
   - No PROP_* macros are used
   - VT_* is not used
   - ReadFromStream is not used

I think no modification of Boost and no recompilation of the Boost binaries
is needed.
I would be very happy if somebody could confirm this.

Kind regards,
Christian

Date view	Thread view	Subject view	Author view

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk