Re: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
From: Polazzo Justin (Justin.Polazzo_at_FACILITIES.GATECH.EDU)
Date: 09/15/04
- Previous message: Joe Dance: "Changed Firewall Policy in XP SP2"
- Maybe in reply to: Russ Cooper: "Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)"
- Next in thread: Mikael Rönnbäck: "Re: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Sep 2004 14:38:15 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
As far as the AutoCAD patch, I do not think their 2004 and previous
versions are affected. Don't have 2005 to test it. The dll version
5.1.3097.0 is the same in (Win2k) %windir%\system32 and Program
Files\AutoCAD 2004. As win2k is not by itself affected by the JPEG vuln,
I am going to assume that the same version DLL in AutoCAD is not
vulnerable. The versions of the dll I have seen that are replaced after
windows update/GDI+ Tool are 5.1.3097.3 and above.
Sorry to flood your inboxes, but this exploit seems a likely candidate
for a worm like infection with the possibility of distributing it via
email, IM (Buddy Icons?), or web page. I am prone to over-react though.
Either way Jimmy Lehmkuhl wrote a nice API call that looks for dll
versions, we are packaging it with the Patchlink PDK and a script to
replace affected versions. We can now replace older versions (5.1.3097.3
and up) wherever they may lie. Much better than MS's patch IMHO :)
JP
P.s.:
It is worth noting that if you install all patches via windows update,
including the "recommended update" of .net 1.1, you then need to update
.net's GDI+ dll after a reboot.
-----Original Message-----
From: Jeffrey Thomas [mailto:jthomas@etaxfn.com]
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----
- Previous message: Joe Dance: "Changed Firewall Policy in XP SP2"
- Maybe in reply to: Russ Cooper: "Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)"
- Next in thread: Mikael Rönnbäck: "Re: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
