Hi,
My team have been using Infragistics Net Advantage 2007 for .Net CLR 2.0 for the past 2 years. Recently Microsoft announced that there is a security flaw in their Active Template Library(ATL) code:
http://www.networkworld.com/news/2009/072709-microsoft-rushes-clutch-patch-for.html?page=1
http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx
Does Net Advantage 2007 utilize the ATL? If so, in which components?
Any reply is appreciated as this is a hot issue inside my company right now where several .Net projects use Infragistics.
Karthik Sukumar
Karthik,
Speaking from the Windows Forms perspective and from the articles mentioned and looking into what ATL is, I don't think that you will have any issues with Infragistics components since they are written in C#, while ATL seem to be for C++ for COM interoperability. The Infragistics controls are, with the exception of needing to call Windows APIs (through PInvoke), written in managed code so I don't think that you have anything to worry about in this regard. I can't say for certain whether the Web controls utilize any of this functionality, but I would think not given the more limited trust environment and lack of need for such things.
-Matt
We are using the following component: specifically ProtoView TreeViewX v8.0 . Just wonder if it is also safe from this vulnerability.
That component is really old and hasn't been supported for a few years, nor maintained for even longer than that, so I honestly don't know if it's susceptible to this vulnerability.
No, those components are not supported or maintained at this point; I believe that these products were retired at the latest of around October 2005. For more information, please see the following KB article:
Product Lifecycle: Maintenance & Support Schedule
Thank you for the reply. We also have few more components for our VB6 application:
Infragistics Active Threed Plus 4.0
Infragistics Active TreeView Control
Are they still supported?