On July 28, 2009 Microsoft published the following security bulletin indicating several vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio:
Microsoft Security Bulletin MS09-035 - Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
These vulnerabilities could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL.
SoftArtisans XFile version 2.4.2 (both SE and EE), and earlier versions, was built using a version of ATL that contains these vulnerabilities.
SoftArtisans has resolved these reported security issues in version 2.5.0 of XFile. We strongly recommend our customers to upgrade to version 2.5.0 or above.
Note: The Standard edition of XFile (XFileSE) version 2.5.0 can be obtained either separately or as part of FileUp Professional Edition version 5.3.0. The Enterprise edition of XFile (XFileEE) version 2.5.0 ships only with FileUp Enterprise Edition version 5.3.0. |
