Delphi and Microsoft ATL security issue

Question

My impression is that standard Delphi uses the Win32 API.

Recently Microsoft has been communicating a problem regarding ATL that requires application developers to rebuild ATL-using applications after installing an update on their machines. Will this practice be the general case also for Delphi developers, or are they in the clear with the exception of Delphi code using third party ATL COM objects?

Sources:

• Microsoft Security: Protect your computer from the Active Template Library (ATL) security vulnerability
• MSDN VC++ DevCenter: Active Template Library Security Update for Developers
• Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
• Microsoft Security Bulletin MS09-034 - Critical: Cumulative Security Update for Internet Explorer (972260)
• Microsoft Security Bulletin MS09-035 - Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

Answer 1

The ATL is a template library for C++ code, and so it has nothing to do with Delphi. If you're using 3rd party ATL COM objects, then yes, those will have to be rebuilt, but your Object Pascal code is safe.

Answer 2

This was mostly caused by unsafe string handling routings in ATL - thankfully string handling in Delphi is completely different and separate. No need to worry.