Re: GDI+ Security

From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam_at_hydro.com)
Date: 09/17/04


Date: Fri, 17 Sep 2004 19:13:44 +0200

HRon wrote:

> After running Microsoft's GDI+ update, I did a search for
> the gdiplus.dll file. I found three different versions
> installed - 5.1.3097, 5.1.3101 and 5.1.3102. Should all
> be replaced with the most recent; or, are all safe with
> SP2?

Hi

That depends on where they are located, and which programs use
them.

You need not worry about old versions of gdiplus.dll located in
%windir%\WinSxS\... as long as you find a v5.1.3102.1360 in there as
well (that you have updated with the hotfix for WinXP in the MS04-028
bulletin or from Windows Update).

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

Files in %windir%\WinSxS\... are system-protected files that you will
not be able to replace, and it is not necessary either; the system
will force applications that use gdiplus.dll from %windir%\WinSxS\...
to use the latest version anyway.

As long as you are finished installing *all* relevant updates from
the MS04-028 bulletin, if you still find 5.1.x.x gdiplus.dll files on
the hard disk with a lesser version number than 5.1.3102.1355 (yes,
5.1.3102.1355 and not 5.1.3102.1360) outside %windir%\WinSxS\...,
you should replace them with the gdiplus.dll v5.1.3102.1360 file
that is available here:

Platform SDK Redistributable: GDI+
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en
(this download link is also found in the MS04-028 bulletin)

I suggest you create a backup somewhere of all the old 5.1.x.x
versions that you find outside %windir%\WinSxS\... before replacing
them, just in case the application using the dll doesn't like
the replacement (unlikely though).

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
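
The check described in the reply above, as an added PowerShell example that is not part of the original post: it lists every gdiplus.dll under a root folder and marks each copy using the version numbers quoted in the post. The function name `Find-GdiPlusCopies` and the `-Root` parameter are hypothetical.

```powershell
# Added example, not from the original post. Find-GdiPlusCopies and -Root are
# hypothetical names; the version numbers are the ones quoted in the post.
function Find-GdiPlusCopies {
    param([string]$Root = "$env:SystemDrive\")

    $replaceBelow = [version]'5.1.3102.1355'   # outside WinSxS: replace 5.1.x.x below this
    $sxsFixed     = [version]'5.1.3102.1360'   # version expected inside WinSxS after the hotfix
    $sxsPrefix    = (Join-Path $env:windir 'WinSxS') + '\'

    $found = Get-ChildItem -Path $Root -Filter 'gdiplus.dll' -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $vi  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
            # Build the version from the numeric fields; the FileVersion string may carry extra text.
            $ver = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            $inSxS = $_.FullName.StartsWith($sxsPrefix, [System.StringComparison]::OrdinalIgnoreCase)

            $action = if ($inSxS) {
                'system protected, leave in place'
            } elseif ($ver.Major -eq 5 -and $ver.Minor -eq 1 -and $ver -lt $replaceBelow) {
                'back up, then replace with 5.1.3102.1360'
            } else {
                'no action per the post'
            }
            [pscustomobject]@{ Version = $ver; InWinSxS = $inSxS; Action = $action; Path = $_.FullName }
        }

    # The post's condition for ignoring old WinSxS copies: the fixed version is present there too.
    if (-not ($found | Where-Object { $_.InWinSxS -and $_.Version -eq $sxsFixed })) {
        Write-Warning "No gdiplus.dll $sxsFixed found under $sxsPrefix; check that the MS04-028 update is installed."
    }
    $found
}

Find-GdiPlusCopies | Sort-Object InWinSxS, Version | Format-Table -AutoSize
```

Run it from an elevated prompt so folders with restricted ACLs are included in the scan.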

