[36542] in bugtraq
Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
daemon@ATHENA.MIT.EDU (Gary Warner)
Fri Sep 17 02:04:29 2004
Message-ID: <414981E8.9070806@askgar.com>
Date: Thu, 16 Sep 2004 07:07:04 -0500
From: Gary Warner <gar@askgar.com>
MIME-Version: 1.0
To: Polazzo Justin <Justin.Polazzo@facilities.gatech.edu>,
bugtraq@securityfocus.com,
birmingham-infragard@birmingham-infragard.org
In-Reply-To: <FEBC66CCD411744381228574BAB53A9B9E8EDB@MAIL.fac.gatech.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
On the Microsoft security briefing webcast yesterday they said that
GDIPLUS.DLL is distributed with many applications. Depending on how
those applications were built, simply replacing the DLL may break the
app. They recommend applying Microsoft patches, and contacting the
vendors of any apps associated with GDIPLUS.
The GDI+ detection tool ONLY DETECTS CURRENTLY SUPPORTED MICROSOFT PRODUCTS.
They confirmed on the call that older versions ARE VULNERABLE but that
only CURRENT versions will be patched. Recommendation, of course,
update to current on every version.
There was special guidance for application developers dealing with
whether the app was built in Visual Studio as a "Managed Application" or
not. Rather than guess about that, I strongly recommend replaying the
webcast. There's a PDF of the slides available, and the Q&A had many
revealing deteails.
From www.microsoft.com/technet/security/
go to the Register for September Webcast link
even though the meeting is over, Register
it will take you to a "View Recording" page which will let you stream
the Live Meeting Replay in Windows Media Format.
_-_
gar
