Microsoft Visual Studio can automatically make an application binary planting-positive (i.e., vulnerable) even when the developer makes no programming errors. Every MFC application seems to be automatically made vulnerable, with those statically linking MFC libraries actually having the vulnerable code integrated in their executables, making it harder to deploy patches to users. http://blog.acrossecurity.com/2010/10/how-visual-studio-makes-your.html Pleasant reading, Mitja Kolsek CEO&CTO ACROS, d.o.o. Makedonska ulica 113 SI - 2000 Maribor, Slovenia tel: +386 2 3000 280 fax: +386 2 3000 282 web: http://www.acrossecurity.com ACROS Security: Finding Your Digital Vulnerabilities Before Others Do