Re: Windows GDI Interface Buffer Overflow Vulnerability



=?Utf-8?B?a29j?= <koc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:4EB5FCD5-D8FB-4426-B889-47A212E7BB2F@xxxxxxxxxxxxx:

Our security reporter send us a mail about Windows GDI
Interface Buffer Overflow Vulnerability in last
mounth.There isn't any patch for this vulnerability .But a
workaround solve this security problem according to my
reporter.This workaround is :

Turn off metafile processing by modifying the registry.
Under registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\GRE_Initialize
create a DWORD entry "DisableMetaFiles" and set it to 1.


Can you tell me this workaround is true and trustable ? and
what do you think about this security vulnerability? Thanks
Also I am located in Turkey


See [wraps]:
http://www.microsoft.com/technet/security/bulletin/ms07-
046.mspx

J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom
.



Relevant Pages

  • MS released a patch today - MS06-001
    ... Microsoft released a patch for the WMF vulnerability this afternoon. ... Microsoft has tested the following workaround. ... * Unregister the Windows Picture and Fax Viewer on Windows XP ...
    (Bugtraq)
  • Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab
    ... On 3/27/06, Marc Maiffret wrote: ... This workaround has been created because currently there is no solution ... you experienced and we will work to fix any bugs in a timely fashion. ... For more information on the vulnerability and a link to download the ...
    (Full-Disclosure)
  • Re: Installing 835732 causes my server to crash
    ... > The FAQ section of the technical bulletin: ... > has workaround information for many of the vulnerabilities in this patch. ... It looks like the LSASS Vulnerability - CAN-2003-0533 ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.security)
  • [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerability
    ... eEye Digital Security has created a temporary work around for the ... This workaround has been created because currently there is no solution ... For more information on the vulnerability and a link to download the ...
    (Full-Disclosure)
  • [Full-disclosure] -Advisory- - =Thu Mar 16 03:47:35 EST 2006= - Buffer Overflow
    ... It is possible to make Microsoft Office crash or run arbitrary code by the use of malformed input. ... Workaround ... This vulnerability has no identified workarounds on the issue at hand. ... CVE Information ...
    (Full-Disclosure)