Re: Windows GDI Interface Buffer Overflow Vulnerability



=?Utf-8?B?a29j?= <koc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:4EB5FCD5-D8FB-4426-B889-47A212E7BB2F@xxxxxxxxxxxxx:

Our security reporter send us a mail about Windows GDI
Interface Buffer Overflow Vulnerability in last
mounth.There isn't any patch for this vulnerability .But a
workaround solve this security problem according to my
reporter.This workaround is :

Turn off metafile processing by modifying the registry.
Under registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\GRE_Initialize
create a DWORD entry "DisableMetaFiles" and set it to 1.


Can you tell me this workaround is true and trustable ? and
what do you think about this security vulnerability? Thanks
Also I am located in Turkey


See [wraps]:
http://www.microsoft.com/technet/security/bulletin/ms07-
046.mspx

J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom
.



Relevant Pages

  • MS released a patch today - MS06-001
    ... Microsoft released a patch for the WMF vulnerability this afternoon. ... Microsoft has tested the following workaround. ... * Unregister the Windows Picture and Fax Viewer on Windows XP ...
    (Bugtraq)
  • Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab
    ... On 3/27/06, Marc Maiffret wrote: ... This workaround has been created because currently there is no solution ... you experienced and we will work to fix any bugs in a timely fashion. ... For more information on the vulnerability and a link to download the ...
    (Full-Disclosure)
  • Re: Installing 835732 causes my server to crash
    ... > The FAQ section of the technical bulletin: ... > has workaround information for many of the vulnerabilities in this patch. ... It looks like the LSASS Vulnerability - CAN-2003-0533 ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.security)
  • [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerability
    ... eEye Digital Security has created a temporary work around for the ... This workaround has been created because currently there is no solution ... For more information on the vulnerability and a link to download the ...
    (Full-Disclosure)
  • EEYE: Temporary workaround for IE createTextRange vulnerability
    ... eEye Digital Security has created a temporary work around for the ... This workaround has been created because currently there is no solution ... For more information on the vulnerability and a link to download the ...
    (Bugtraq)