Re: GDI+ Security

From: Torgeir Bakken (MVP)
Date: 09/17/04

Date: Fri, 17 Sep 2004 19:13:44 +0200

HRon wrote:

> After running Microsoft's GDI+ update, I did a search for
> the gdiplus.dll file. I found three different version
> installed - 5.1.3097, 5.1.3101 and 5.1.3102. Should all
> be replaced with the most recent; or, are all safe with
> SP2?

That depends on where they are located, and what programs that uses

You need not worry about old versions of gdiplus.dll located in
%windir%\WinSxS\... as long as you find a v5.1.3102.1360 in there as
well (that you have updated with the hotfix for WinXP in the MS04-028
bulletin or from Windows Update).

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution

Files in %windir%\WinSxS\... are system-protected files that you will
not be able to replace, and it is not necessary either; the system
will force applications that use gdiplus.dll from %windir%\WinSxS\...
to use the latest version anyway.

As long as you are finished installing *all* relevant updates from
the MS04-028 bulletin, if you still find 5.1.x.x gdiplus.dll files on
the hard disk with a lesser version number than 5.1.3102.1355 (yes,
5.1.3102.1355 and not 5.1.3102.1360) outside %windir%\WinSxS\...,
you should replace them with the gdiplus.dll v5.1.3102.1360 file
that is available here:

Platform SDK Redistributable: GDI+
(this download link is also found in the MS04-028 bulletin)

I suggest you create a backup somewhere of all the old 5.1.x.x
versions that you find outside %windir%\WinSxS\... before replacing
them, just in case the application using the dll doesn't like
the replacement (unlikely though).

torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
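
The check described in the reply above, as an added PowerShell example that is not part of the original post: it inventories every gdiplus.dll, exempts copies under %windir%\WinSxS, flags 5.1.x.x copies below 5.1.3102.1355, and optionally backs them up before you replace them. The parameter names `$Root` and `$BackupDir` and the `manifest.tsv` file are assumptions made for this example.

```powershell
# Added example, not from the original post. $Root and $BackupDir are assumed names.
param(
    [string]$Root = "$env:SystemDrive\",   # where to search
    [string]$BackupDir = ''                # if set, flagged files are copied here
)

$threshold = [version]'5.1.3102.1355'      # post: replace 5.1.x.x copies below this
$patched   = [version]'5.1.3102.1360'      # post: version expected inside WinSxS
$winSxS    = (Join-Path $env:windir 'WinSxS') + '\'

$report = Get-ChildItem -Path $Root -Filter 'gdiplus.dll' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $vi  = $_.VersionInfo
        # Build the version from the numeric fields; the FileVersion string may carry extra text.
        $ver = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        $inSxS = $_.FullName.StartsWith($winSxS, [System.StringComparison]::OrdinalIgnoreCase)
        $status = if ($inSxS) { 'WinSxS: system protected, leave alone' }
                  elseif ($ver.Major -ne 5 -or $ver.Minor -ne 1) { 'Not 5.1.x.x: outside the scope of the post' }
                  elseif ($ver -lt $threshold) { 'REPLACE: back up, then replace' }
                  else { 'OK' }
        [pscustomobject]@{ Path = $_.FullName; Version = $ver; InWinSxS = $inSxS; Status = $status }
    }

$report | Sort-Object InWinSxS, Version | Format-Table Path, Version, Status -AutoSize

# The post's precondition: a 5.1.3102.1360 copy must exist under WinSxS.
if (-not ($report | Where-Object { $_.InWinSxS -and $_.Version -eq $patched })) {
    Write-Warning "No gdiplus.dll $patched found under $winSxS; the post expects one after the MS04-028 update."
}

$flagged = @($report | Where-Object { $_.Status -like 'REPLACE*' })
if ($BackupDir -and $flagged.Count -gt 0) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $i = 0
    foreach ($f in $flagged) {
        # Every copy has the same file name, so prefix a counter and log the original path.
        $i++
        $dest = Join-Path $BackupDir ('{0:D3}_gdiplus.dll' -f $i)
        Copy-Item -LiteralPath $f.Path -Destination $dest
        "$dest`t$($f.Path)`t$($f.Version)" | Add-Content (Join-Path $BackupDir 'manifest.tsv')
    }
}
```

The script only reports and backs up; replacing a flagged file with the redistributable copy is left as a manual step so each application can be tested afterwards.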