[12165] in bugtraq
Re: ActiveX Buffer Overruns
daemon@ATHENA.MIT.EDU (Michael Nelson)
Fri Oct 8 16:44:04 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9910061834190.19809-100000@dingo.sta.cathedral.org>
Date: Wed, 6 Oct 1999 18:35:57 -0400
Reply-To: Michael Nelson <mikenel@IAPETUS.COM>
From: Michael Nelson <mikenel@IAPETUS.COM>
X-To: Chris <mlnn4@OAKS.COM.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199910061115.VAA03824@aussie.org>
On Wed, 6 Oct 1999, Chris wrote:
> Scuse me for butting in, but I have to say that this is only partially
> correct.
>
> YES, the com subsystem will marshall data sent to/from a 'remote' COM object
> (be that a separate process on the same system, or a process on a remote
> machine).
>
> But NO, the com subsystem does NOT marshall data for an inproc server (i.e.
> any COM object exposed as a .DLL, .OCX, or .whatever-Microsoft-calls-them-
> today.
Clarification -- if the caller and the object are in different apartments
-- even within the same process -- marshaling occurs.
-mike
