# Thursday, April 12, 2012
« Lang.NEXT | Main | New Development Snapshot »
MS12-025

This patch Tuesday Microsoft released MS12-025 that fixes approximately a zillion vulnerabilities in System.Drawing.dll.

Here's what they fixed (multiple instances of each issue):

  • Added security demands to unsafe methods.
  • Wrap handles in SafeHandle instead of using IntPtr.
  • Use checked to guard against integer overflow when calculating how many bytes to AllocHGlobal.

It's a little embarassing to have so many vulnerabilities in this old code. Luckily, silently running .NET code in the browser is becoming a thing of the past.

Thursday, April 12, 2012 12:33:30 PM (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]