|
Boost : |
Subject: [boost] Microsoft Security Bulletin MS09-03: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
From: Christian Eckstein (halserbe_at_[hidden])
Date: 2009-08-12 10:24:54
Hi,
I need to know the impact of the following security bulletin on Boost:
Microsoft Security Bulletin MS09-03: Vulnerabilities in Visual Studio Active
Template Library Could Allow Remote Code Execution (969706).
I found usage of ATL only in the range and regex libraries and it seems
that only string and array classes are used. None of the problematic methods
seem to be used that are described in the checklist at
http://msdn.microsoft.com/en-us/visualc/ee309358.aspx.
- No class implements IUnknown so there is no ActiveX control.
- No PROP_* macros are used
- VT_* is not used
- ReadFromStream is not used
I think no modification of Boost and no recompilation of the Boost binaries
is needed.
I would be very happy if somebody could confirm this.
Kind regards,
Christian
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk