Re: MS04-028 & vendor copies of gdiplus.dll

From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 09/28/04


Date: Tue, 28 Sep 2004 13:47:13 +0200

BeamGuy wrote:

> Thanks...
>
> My four copies are all vulnerable... Where might I find a good version?
Hi

As long as you are finished installing *all* relevant updates from
the MS04-028 bulletin (see link below), if you still find 5.1.x.x
gdiplus.dll files on the hard disk with a lesser version number than
5.1.3102.1355 (outside any %windir%\WinSxS\... folder that is),
you should replace them with the gdiplus.dll v5.1.3102.1360 file
that is available here:

Platform SDK Redistributable: GDI+
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en
(this download link is also found in the MS04-028 bulletin)

I suggest you create a backup somewhere of all the old 5.1.x.x
versions before replacing them, just in case the application using
the dll doesn't like the replacement (unlikely though).

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx


Relevant Pages

  • Re: gdiplus.dll security question
    ... The Office Update site does not ask me to ... Microsoft Security Bulletin MS04-028 ... Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.security)
  • Re: GDI tool
    ... required security updates?" ... Microsoft Security Bulletin MS04-028 ... Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: GDI+ Security
    ... bulletin or from Windows Update) ... is system protected files that you will ... before replacing ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows Installer spuriously activated by Windows Explorer
    ... Microsoft Security Bulletin MS04-028 ... Platform SDK Redistributable: GDI+ ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.win2000.general)
  • Re: (KB873374)
    ... GDI+ Detection Tool: ... Microsoft Security Bulletin MS04-028 ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.windowsxp.general)