MS09-035应用程序开发的漏洞和影响
[英]MS09-035 Vulnerability & Impact On Application Development
问题描述
Does anyone know if these patches http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx and http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx will apply to software built using one of the 'pure' (ie. not managed C++) .NET languages? 
有谁知道这些补丁是否会http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx和http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx适用于使用“纯”(即非托管C ++).NET语言之一构建的软件?
I believe the answer is that they are unaffected as this seems to be a pure ATL vulnerability, but don't have enough knowledge in the underlying usage of ATL in the CLR to know. 我相信答案是他们没有受到影响,因为这似乎是一个纯粹的ATL漏洞,但是对CLR中ATL的基本用法知之甚少。
1 个解决方案
解决方案1
8 已采纳 2009-07-31 14:22:36
In the Affected and Non-Affected Software section, Visual Studio 2003, 2005, 2008 are listed, but the .NET frameworks are not listed. 在“ 受影响和不受影响的软件”部分中,列出了Visual Studio 2003,2005,2008,但未列出.NET框架。
There's a section on the page that provides developer details: Active Template Library Security Update for Developers and that article is explicitly targetted at Visual C++ developers and makes no mention of the .NET framework. 页面上有一个部分提供开发人员详细信息:开发人员的活动模板库安全更新 ,该文章明确针对Visual C ++开发人员,并未提及.NET框架。
So given the above lack of mention of .NET framework: No News is Good News ! 所以鉴于上面没有提到.NET框架: 没有新闻是好消息 !
You can also follow this diagram to determine if you're vulnerable: 您还可以按照此图表确定您是否容易受到攻击:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.