Re: gdiplus.dll security question

From: Jentle Jiant (jentle_at_jiant.com)
Date: 09/17/04


Date: Fri, 17 Sep 2004 13:32:40 -0700

Thank you so much for your clear and informative response. Very very
helpful and reassuring.

I was, prior to your information, extremely frustrated trying to
clarify the situation. I must also state that my prior questions were
badly phrased. It took a couple of days for me to even begin to
understand what this alert really meant.

I wish MS had the sense to publish such an explanation as yours, in
language that any reasonably literate non-technically trained or
experienced person could understand. Very well done on your part.

Please see below.

On Fri, 17 Sep 2004 12:05:53 -0700, "Roger Abell [MVP]"
<mvpNoSpam@asu.edu> wrote:

>I assume when you said 5.3.x you did mean version 5.1.3102.1355?
>A 5.1.x.y version at or above this does not have the exploitable code.
>Having a copy of the 5.1.x.y dll below this version does not automatically
>mean that you have a problem.

I have four instances of gdiplus.dll:
one is in Picture It, v. 5.1.3102.1355

The others are all in WinSxS as follows:
V. 5.1.3097.0
v. 5.1.3101.0
V. 5.1.3102.2180

Based on your response I now feel comfortable in saying that my
computer is safe.

Just one last question, if you are able to address it.

Is it possible, or even likely, that this JPEG coding will be regarded
as a virus and included in the updates from the various Virus control
apps?

Thanks again, I truly appreciate it.

Jentle Jiant

> If the dll is in the WinSxS directory then
>it cannot be used if the OS patch for ms04-028 has been applied.
>Even if there are other instances below the threshold present, then
>something needs to cause that instance to be used with a specially
>crafted jpeg.
>However, you may have jpeg handling applications that use their
>own code and do not use gdiplus.dll. Once your system is cleaned of
>versions not in WinSxS that are below the version threshold(s), then
>you are assured that jpegs cannot cause this gdiplus.dll overflow
>based exploit.
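
The check discussed in this thread, written out as an added example (not part of the original posts and not Microsoft's own tooling): it lists every gdiplus.dll under a root and classifies each copy using the 5.1.3102.1355 threshold and the WinSxS rule from the quoted reply. The function names and the sample paths are assumptions made for illustration.

```powershell
# Threshold from the quoted reply: a 5.1.x.y copy at or above this
# version does not contain the exploitable code.
$Threshold = [version]'5.1.3102.1355'

function Get-GdiplusStatus {
    param(
        [Parameter(Mandatory)] [string]  $Path,
        [Parameter(Mandatory)] [version] $FileVersion
    )
    $inWinSxS = $Path -match '\\WinSxS\\'
    $status = if ($FileVersion.Major -ne 5 -or $FileVersion.Minor -ne 1) {
        'Not a 5.1.x.y copy: no threshold given in this thread'
    } elseif ($FileVersion -ge $Threshold) {
        'At or above threshold'
    } elseif ($inWinSxS) {
        # Per the quoted reply, WinSxS copies cannot be used once the
        # MS04-028 OS patch is applied; patch state is not checked here.
        'Below threshold, in WinSxS: confirm MS04-028 OS patch is applied'
    } else {
        'Below threshold, outside WinSxS: update or remove this copy'
    }
    [pscustomobject]@{ Path = $Path; Version = $FileVersion; Status = $status }
}

function Find-GdiplusCopies {
    param([string[]] $Root = @("$env:SystemDrive\"))
    Get-ChildItem -Path $Root -Filter gdiplus.dll -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from numeric parts; the FileVersion string
            # may carry trailing text that [version] cannot parse.
            $v = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                               $vi.FileBuildPart, $vi.FilePrivatePart)
            Get-GdiplusStatus -Path $_.FullName -FileVersion $v
        }
}

# Constructed sample: the four versions listed in the post, with
# placeholder paths (the post does not give the real directories).
$sample = @(
    @{ Path = 'C:\Program Files\<Picture It dir>\gdiplus.dll'; FileVersion = '5.1.3102.1355' }
    @{ Path = 'C:\WINDOWS\WinSxS\<assembly-1>\gdiplus.dll';    FileVersion = '5.1.3097.0' }
    @{ Path = 'C:\WINDOWS\WinSxS\<assembly-2>\gdiplus.dll';    FileVersion = '5.1.3101.0' }
    @{ Path = 'C:\WINDOWS\WinSxS\<assembly-3>\gdiplus.dll';    FileVersion = '5.1.3102.2180' }
)
$sample | ForEach-Object { $h = $_; Get-GdiplusStatus @h } | Format-Table -AutoSize

# To scan a real system instead of the sample: Find-GdiplusCopies | Format-Table -AutoSize
```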

