Hi,
My team have been using Infragistics Net Advantage 2007 for .Net CLR 2.0 for the past 2 years. Recently Microsoft announced that there is a security flaw in their Active Template Library(ATL) code:
http://www.networkworld.com/news/2009/072709-microsoft-rushes-clutch-patch-for.html?page=1
http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx
Does Net Advantage 2007 utilize the ATL? If so, in which components?
Any reply is appreciated as this is a hot issue inside my company right now where several .Net projects use Infragistics.
Karthik Sukumar
No, those components are not supported or maintained at this point; I believe that these products were retired at the latest of around October 2005. For more information, please see the following KB article:
Product Lifecycle: Maintenance & Support Schedule
-Matt
Thank you for the reply. We also have few more components for our VB6 application:
Infragistics Active Threed Plus 4.0
Infragistics Active TreeView Control
Are they still supported?
That component is really old and hasn't been supported for a few years, nor maintained for even longer than that, so I honestly don't know if it's susceptible to this vulnerability.
We are using the following component: specifically ProtoView TreeViewX v8.0 . Just wonder if it is also safe from this vulnerability.
Karthik,
Speaking from the Windows Forms perspective and from the articles mentioned and looking into what ATL is, I don't think that you will have any issues with Infragistics components since they are written in C#, while ATL seem to be for C++ for COM interoperability. The Infragistics controls are, with the exception of needing to call Windows APIs (through PInvoke), written in managed code so I don't think that you have anything to worry about in this regard. I can't say for certain whether the Web controls utilize any of this functionality, but I would think not given the more limited trust environment and lack of need for such things.