Several of our Applications uses spring framework. All of our applications uses IOC Container and AOP modules of the Spring and not MVC module

Does it mean still our application is subjected to Spring Framework execution of arbitrary code issue - http://www.springsource.com/security/cve-2010-1622 ?

Based on the description and example provided on this issue, it sounds that application is subjected to attack, only if it uses MVC module. Is the statement is true? If it is the case, then should we have to upgrade the applications to 3.0.3 (where fix is applied).

Appreciate your response. Thanks.