RE: Detecting new Windows .jpeg exploit

From: Bowes, Ronald (EST) (RBowes_at_gov.mb.ca)
Date: 09/16/04

  • Next message: Roger A. Grimes: "RE: Detecting new Windows .jpeg exploit" 
    To: "'H Carvey'" <keydet89@yahoo.com>, security-basics@securityfocus.com
Date: Thu, 16 Sep 2004 16:16:35 -0500

    > Another option would be to obtain file version information from
    > gdiplus.dll on an unpatched machine, and then compare that to that from a
    > patched machine. Then write a Perl script to connect to each system as a
    > domain admin and pull the file version information from that file. Any
    > system on which the file versioning information does not equal what you
    > found on the patched system should be considered vulnerable.

    That's what I was looking for, the actual file that we can fingerprint on
    the machines so that we can tell.

    Sorry if I used some confusing language, even I wasn't entirely sure what I
    was thinking when I wrote that.

    Thanks!

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.

    http://www.infosecinstitute.com/courses/computer_forensics_training.html
    ----------------------------------------------------------------------------

  • Next message: Roger A. Grimes: "RE: Detecting new Windows .jpeg exploit"