I guess that is a Microsoft term, but basically, if you can't cast an integer to a pointer, you have managed code, and you have eliminated many classes of very severe security vulnerabilities. (I assume, of course, that code like "foo[42]" is logically two unsafe typecasts; pointer to integer, some integer math, and then integer to pointer. The third operation is the security problem.)

I don't think managed code is vulnerable to any additional types of exploits, other than holes in the runtime. But remember, if there is a hole in the runtime, you patch the runtime and Every Program Ever Written gets that fix. Everyone knows how to avoid buffer overflows in C, but sometime they mess something up and the app becomes vulnerable. The only way to fix that is to find the problem in the app and fix it... and hope that you got all of them this time.

There are plenty of ways managed code can be insecure, of course. I am trying to get root access on my Archos media player, and it is pretty easy because of their poor programming. There is a bash script running as root that downloads a named file from the Internet and puts it in a directory. Except oops, I control the Internet connection and the content that script downloads. I also control the filesystem that it writes to. So while I don't have root, I can get the system to overwrite any file I want, including /etc/shadow, and now I do have root. (Except, the filesystem is read-only, so this doesn't actually work. They got very very lucky. But their code is horribly crappy C, so it should be easy to exploit when I feel like spending time on it.)

A strange question. Almost every language we use today is "managed", by the Microsoft definition; "Managed C++" is a Microsoft term for bare-metal C++ with extra runtime protections. Of course Java is "managed".