# Thursday, 12 April 2012
« Lang.NEXT | Main | New Development Snapshot »
MS12-025

This patch Tuesday Microsoft released MS12-025 that fixes approximately a zillion vulnerabilities in System.Drawing.dll.

Here's what they fixed (multiple instances of each issue):

  • Added security demands to unsafe methods.
  • Wrap handles in SafeHandle instead of using IntPtr.
  • Use checked to guard against integer overflow when calculating how many bytes to AllocHGlobal.

It's a little embarassing to have so many vulnerabilities in this old code. Luckily, silently running .NET code in the browser is becoming a thing of the past.

Thursday, 12 April 2012 12:33:30 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]
Name
E-mail
Home page

I apologize for the lameness of this, but the comment spam was driving me nuts. In order to be able to post a comment, you need to answer a simple question. Hopefully this question is easy enough not to annoy serious commenters, but hard enough to keep the spammers away.

Anti-Spam Question: What method on java.lang.System returns an object's original hashcode (i.e. the one that would be returned by java.lang.Object.hashCode() if it wasn't overridden)? (case is significant)

Answer:  
Comment (HTML not allowed)  

Live Comment Preview