Re: MS04-028 & vendor copies of gdiplus.dll
From: BeamGuy (no_at_spam.com)
Date: Tue, 28 Sep 2004 09:00:15 -0400
It looks like the scanner on Windows Update missed this one...
Scanning Drive C:...
C:\Documents and Settings\ahalling\Desktop\GDI+\gdiplus.dll
C:\Documents and Settings\ahalling\Local Settings\Temp\gdiplus.dll
C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.DLL
C:\Program Files\Common Files\Microsoft Shared\Web Components\VWC\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
"Torgeir Bakken (MVP)" <Torgeir.Bakkenfirstname.lastname@example.org> wrote in message news:OTvqtDVpEHA.2764@TK2MSFTNGP11.phx.gbl...
> BeamGuy wrote:
> > Thanks...
> > My four copies are all vulnerable... Where might I find a good version?
> As long as you are finished installing *all* relevant updates from
> the MS04-028 bulletin (see link below), if you still find 5.1.x.x
> gdiplus.dll files on the hard disk with a lesser version number than
> 5.1.3102.1355 (outside any %windir%\WinSxS\... folder that is),
> you should replace them with the gdiplus.dll v5.1.3102.1360 file
> that is available here:
> Platform SDK Redistributable: GDI+
> (this download link is also found in the MS04-028 bulletin)
> I suggest you create a backup somewhere of all the old 5.1.x.x
> versions before replacing them, just in case the application using
> the dll doesn't like the replacement (unlikely though).
> Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
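
The version rule from the quoted reply, written out as a PowerShell check. This is an added example, not part of the original thread or any Microsoft tool; the scan root `C:\` and the function name `Test-OutdatedGdiPlus` are assumptions.

```powershell
# Added example: list gdiplus.dll copies that the quoted reply says to replace,
# i.e. 5.1.x.x files below 5.1.3102.1355 that are not under %windir%\WinSxS.

$Root       = 'C:\'                              # assumption: drive or folder to scan
$FixedFloor = [version]'5.1.3102.1355'           # threshold given in the quoted reply
$WinSxS     = (Join-Path $env:windir 'WinSxS') + '\'

function Test-OutdatedGdiPlus {                  # hypothetical helper name
    param([string]$Path, [version]$FileVersion)

    # The reply excludes anything inside the WinSxS folder.
    if ($Path.StartsWith($WinSxS, [System.StringComparison]::OrdinalIgnoreCase)) {
        return $false
    }
    # The rule only covers the 5.1.x.x branch; other branches are left alone.
    if ($FileVersion.Major -ne 5 -or $FileVersion.Minor -ne 1) {
        return $false
    }
    return ($FileVersion -lt $FixedFloor)
}

Get-ChildItem -Path $Root -Filter 'gdiplus.dll' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        # Build the version from the numeric fields; the FileVersion string
        # can contain extra text that [version] will not parse.
        $v = New-Object System.Version(
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

        [pscustomobject]@{
            NeedsReplacing = Test-OutdatedGdiPlus -Path $_.FullName -FileVersion $v
            Version        = $v
            Path           = $_.FullName
        }
    } |
    Sort-Object NeedsReplacing -Descending |
    Format-Table -AutoSize
```

The script only reports; back up each flagged file before replacing it, as the reply suggests.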