FW: Office Viewers vulnerable to gdiplus.dll issue [sr]

jlawson-bugtraq_at_BOVINE.NET
Date: 09/24/04

  • Next message: k levinson: "Re: Inconsistencies between Windows Updates and AU/SUS" 
    Date:         Fri, 24 Sep 2004 11:31:59 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Perhaps some list readers might want to be aware of the potential
    vulnerability in the unsupported Microsoft Office Viewer utilities, in case
    they are deployed within their networks.

    Jeff

    -----Original Message-----
    From: Microsoft Security Response Center [mailto:secure@microsoft.com]
    Sent: Friday, September 24, 2004 11:09 AM
    To: Jeff Lawson
    Cc: Microsoft Security Response Center
    Subject: RE: Office Viewers vulnerable to gdiplus.dll issue [sr]

    Jeff,

    At this time, we do not offer servicing of viewers. They are not officially
    supported or serviced.

    Now some things are in the works and that may change in the near future.

    Thanks
    Scott

    -----Original Message-----
    From: Jeff Lawson
    Sent: Thursday, September 23, 2004 5:38 PM
    To: Microsoft Security Response Center
    Subject: Office Viewers vulnerable to gdiplus.dll issue

    I'm wondering if the MS Office Viewers need to be updated as well? For
    example in my "C:\Program Files\Microsoft Office\PowerPoint Viewer"
    directory and in "C:\Program Files\Microsoft Office\OFFICE11" there is a

    gdiplus.dll library with these details (version 6.0.3260.0):

    06/20/2003 01:28 PM 1,777,664 GDIPLUS.DLL

    I have installed the PowerPower Viewer 2003 and the Visio Viewer 2003, but
    the Office Update webpage does not detect any products that need fixing.

    The security bulletin makes no mention of the Office Viewers:
    http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
    although it does mention that version 6.0.3260.0 is vulnerable.

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: k levinson: "Re: Inconsistencies between Windows Updates and AU/SUS"