Welcome to the Xceed Community | Help
Community Search  
More Search Options

Compatibility of v6.5 with older versions

Sort Posts: Previous Next
  •  11-30-2009, 6:56 PM Post no. 25036

    Compatibility of v6.5 with older versions

    Starting with version 6.5.9417.0, which was distributed in package 3.2.9417.12000 on August 17, 2009, the Zip Compression Library included the following change:

    "Replaced usage of ATL macro PROP_ENTRY with PROP_ENTRY_TYPE in response to a possible but unlikely security vulnerability (MS09-035)."

    Microsoft published security bulletin MS09-035 that called to replace usage of an Active Template Library (ATL) macro called PROP_ENTRY() with PROP_ENTRY_TYPE(). These define what ActiveX properties will be seen by the target programming language. PROP_ENTRY() was found to be unsafe in certain situations since the property's type not strictly specified.

    Unfortunately, this change can cause compatibility problems in a form-based application where the component is used as a control. The ActiveX binary data associated with the control can be seen as invalid by v6.5. This has been seen with Visual Basic 6 and Delphi. Visual Studio-based languages don't seem to be affected.

    We will not go on supporting PROP_ENTRY_TYPE() so we reverted back to using PROP_ENTRY(). We will make a release and add a security notice in the documentation.

    As long as your Form data isn't directly modifiable by your end-users, which is a scenario that almost doesn't make sense, the security issues of our usage of PROP_ENTRY() will not affect your application.

    Until the new release is published on the main web-site, you can use the DLL attached to this post. It should fix the compatibility issue.

    UPDATE: This bugfix is now part of the general release on the main website starting with package Xceed Components 3.2.9616.13400 (December 21, 2009) and later. The XceedZip.dll version will be 6.5.9562 and up.

View as RSS news feed in XML
Contact | Site Map | Reviews | Legal Terms of Use | Trademarks | Privacy Statement Copyright 2011 Xceed Software Inc.