It comes as no surprise too , microsoft’s paradigm for adding new features is reinventing the wheel , and they overengineer it just to the point where it is inevitable to break , and impossible to determine why it did so.
Without further adieu let me present MicroSoft Visual C++ 2005 and it’s brand new ‘wheel’ , i mean deployment model , dll’s now have to come with manifests and policies , and rely on the Side-by-Side service and this is is just a rough sketch , you can seehttp://msdn2.microsoft.com/en-us/library/ms235342.aspx for in depth details , there is a method to this madness you know , as always.
To put it bluntly however what you have are :
2 files in %windir%WinSxSManifests , a .cat file (security catalog , for the policy) and a .manifest file (xml file for describing the libraries)
then you have a directory in %windir%WinSxS where you need to put your actual libraries (directory name and filenames being a mix of the name , version , hash , and architecture so you wind up with something like x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50608.0_x-ww_6262d37f
, nice )
Ok , so now to the explanation , all that is microsoft striving to accomplish with all this is so we can have different version of the same library for our programs that were built with and require a specific version of it , when all you had to do to achieve this since windows 3.1 till 2000 was drop the library in the same location with the program , as a windows program will always try to load a library from its parent folder first , then start looking in every path for it , so you had different versions of the same library , each with the program that required that version.
There can be much more to be said but i rest my case for now , what are the platforms that are ‘vulnerable’ , i mean capable of this new deployment model you might ask , why it’s NT 5.2 and it’s older brother NT 5.1 (vulgarly known as Windows 2003 and XP respectively)