Re: Need to purge vulnerable gdiplus.dll?

From: Ben (bda20_at_CAM.AC.UK)
Date: 09/30/04

    Date:         Thu, 30 Sep 2004 09:30:45 +0100
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    On Wed, 29 Sep 2004, Matthias Fichtner wrote:

    >Russ wrote:
    >> I have received in excess of 10 responses from people
    >> who have, one way or another, been replacing vulnerable
    >> versions of gdiplus.dll (anywhere they find them) with the
    >> updated version. *They* say they have not encountered any
    >> problems.
    >
    >I've tried that approach and failed. For example, the current version of
    >Microsoft's PowerPoint 2003 Viewer (as downloaded yesterday) crashes, if
    >you replace its vulnerable gdiplus.dll with an updated version of the DLL.

    This hasn't proved to be the case with the Windows 2000 Workstation SP4
    (all current hotfixes) machines I'm running here. I have PowerPoint 2003
    Viewer on them (no Office installation at all) and currently there have
    been no problems. Did you replace the v6 GDIPLUS.DLL (for some reason the
    name is all in upper case for v6) with a non-vulnerable v6, or did you
    replace it with a v5 gdiplus.dll (for some reason the name is all in lower
    case for v5)?

    As near as I can make out, the non-vulnerable versions are

    Version 5: 5.1.3102.1360 and possibly 5.1.3102.2180
    Version 6: 6.0.3264.0

    Ben

    --
    Sysadmin, Faculty of History, University of Cambridge, England
    Tel: +44 (0)1223 (3)35315  |  Email: Ben@hist.cam.ac.uk
    Plugger of wire, typer of keyboard, imparter of Clue
            Life Is Short.          It's All Good.
    --
    NTBugtraq Editor's Note:
    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    --
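An inventory check for the comparison discussed in the message above, as an added example that is not part of the original post or of any Microsoft tool. The listed builds are the poster's tentative figures ("as near as I can make out"), and the scan root, the status labels and the function name `Get-GdiplusStatus` are assumptions made for illustration.

```powershell
# Added example: find every copy of gdiplus.dll and compare its file version
# with the builds quoted in the post. The values are the poster's tentative
# list, not vendor-confirmed thresholds.
param(
    [string[]]$Root = @("$env:SystemDrive\")   # assumption: scan the system drive
)

# Builds listed in the post, keyed by major version (v5 and v6 branches).
$Listed = @{
    5 = @([version]'5.1.3102.1360', [version]'5.1.3102.2180')  # second is "possibly"
    6 = @([version]'6.0.3264.0')
}

function Get-GdiplusStatus {
    param([version]$Version)
    $known = $Listed[$Version.Major]
    if (-not $known)               { return 'UnknownBranch' }    # neither v5 nor v6
    if ($known -contains $Version) { return 'ListedInPost' }
    $lowest = @($known | Sort-Object)[0]
    if ($Version -lt $lowest)      { return 'OlderThanListed' }  # candidate for replacement
    return 'NotListed'             # newer or in-between build: check vendor guidance
}

# -Filter is case-insensitive on Windows, so this matches both GDIPLUS.DLL
# (the v6 naming the post mentions) and gdiplus.dll (v5).
Get-ChildItem -Path $Root -Filter gdiplus.dll -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        # Build the version from the numeric fields; the FileVersion string
        # can carry trailing text that [version] cannot parse.
        $v = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                            $vi.FileBuildPart, $vi.FilePrivatePart)
        [pscustomobject]@{
            Path    = $_.FullName
            Version = $v
            Status  = Get-GdiplusStatus $v
        }
    } | Sort-Object Status, Path | Format-Table -AutoSize
```

Reporting the major branch alongside the path matters when replacing files, since the message distinguishes swapping a v6 copy for a v6 build from swapping it for a v5 build.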
    
