Re: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

From: Polazzo Justin (Justin.Polazzo_at_FACILITIES.GATECH.EDU)
Date: 09/15/04

  • Next message: Russ Cooper: "MinorRev: Microsoft Security Bulletin MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)" 
    Date:         Wed, 15 Sep 2004 11:22:29 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    I am trying to distribute the patch via patch management software, the
    problem is, Do I replace all incarnations if gdiplus.dll?

    If I have a win2k box running IE6 sp1, I install the IE6 patch.

    Fine, I can handle that, but what about my win2k boxes running AutoCAD
    2004, Visio, IE6 and Dreamweaver? (all have gdiplus.dll, not sure which
    ones need updating, but since the app versions of the dll are 5.1.3097.3
    (.net) and 5.1.3097 (ACAD) and the ms replacement dll's are 5.1.3102 I
    am assuming yes)

    Is the package I should write is <script that looks for the DLL version
    X and above, then replaces it with version Y> Would I use the SDK dll
    for these other apps? Anyone know how to query for a dll version?

    Suggestions responses, and posting this will be greatly appreciated!!

    JP

    Ps: ARRRgh!!

    P.p.s: Am I missing the all in one patch? Is the GDI+ Detection Tool
    available as download? Will the GDI detection tool search through non-ms
    sw?

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: Russ Cooper: "MinorRev: Microsoft Security Bulletin MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)"

    Relevant Pages

    • MD5s of Unofficial patches and other mistakes
      ... Now that the official patch is out, ... I got too paranoid, for good reason. ... When I saw the source code, which works patching a DLL at run-time based ... I'm offered an MD5 from the SAME distributing site that serves the patch installer. ...
      (Bugtraq)
    • RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
      ... I am trying to distribute the patch via patch management software, ... Is the package I should write is <script that looks for the DLL version ... Will the GDI detection tool search through non-ms ...
      (Bugtraq)
    • Re: WMF Windows security flaw - change your browser
      ... They are recommending the following "unofficial" patch, which has been tested and approved by a number of security organizations ... >> obsolete DLL? ... > Disabling the "shimgvw" DLL may solve the problem, but also removes some current Windows functionality. ... > really do need a fix from Microsoft to put this thing to bed. ...
      (rec.audio.pro)
    • Re: v5.Windows update error 0x800A01A
      ... I've loaded the XML patch referenced in another thread. ... solve the problem, I manually registered thost DLLs, just to be sure. ... registering/reregistering the DLL has no efffect that I can see. ... removing or renaming the DLL to force another download doesn't solve the ...
      (microsoft.public.windowsupdate)
    • Re: (off topic) WMF Windows vulnerability : part II
      ... Lots of attacks exploiting this flaw in Windows MetaFiles: ... Microsoft now suggesting you disable the dll that allows you to create thumbnail icons in Explorer ... it kills the ability for Windows Explorer to display thumbnail images but I'm afraid we'll have to live without it until an official patch from Microsoft comes out. ...
      (soc.culture.thai)