Vulnerabilities in Visual Studio Active Template Library

Microsoft released an out-of-band security bulletin to address security bugs in the Active Template Library. Microsoft strongly recommends that developers who have built controls or components with Active Template Library take immediate action to evaluate their controls for exposure to a vulnerable condition and follow the guidance provided to create controls and components that are not vulnerable. Many versions of Visual Studio application are affected.

What is Active Template Library?

The Active Template Library is a set of template-based C++ classes with which you can easily create small, fast Component Object Model (COM) objects such as ActiveX controls.

More details are here:

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx http://www.microsoft.com/technet/security/advisory/973882.mspx http://msdn.microsoft.com/en-us/visualc/ee309358.aspx http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx

http://blogs.technet.com/bluehat/archive/2009/07/27/black-hat-usa-atl-killbitbypass.aspx

http://msdn.microsoft.com/en-us/library/727z646z%28VS.71%29.aspx