[475] in Kakapo Windows Team
RE: [Kakapo] Microsoft Security Bulletin MS04-028 Buffer Overrun in
daemon@ATHENA.MIT.EDU (Paul B. Hill)
Tue Sep 14 16:31:48 2004
Message-Id: <200409142031.i8EKVdvi002838@melbourne-city-street.mit.edu>
From: "Paul B. Hill" <pbh@mit.edu>
To: "'Jonathan McIndoe Hunt'" <jmhunt@mit.edu>,
"'Richard Edelson'" <redelson@mit.edu>,
"'pismere-ops'" <pismere-ops@mit.edu>
Date: Tue, 14 Sep 2004 16:31:02 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <6.2.0.1 alpha.2.20040914155556.04755e80@hesiod>
cc: kakapo@mit.edu
Errors-To: kakapo-bounces@mit.edu
Hi Jon,

The JPEG processing is performed by a common DLL. Any of the applications
listed might cause the DLL to be installed; however, the DLL is a core
component on XP SP1, XP SP2, Windows Server 2003. The applications "only use
the version that is provided by the operating system, even if they install a
copy of the vulnerable component." Therefore, Office 2003 installed on XP
SP2 should not run the DLL that has the vulnerability.

There could be a very small number of misconfigured XP SP2 machines that
could execute the vulnerable code. This would imply that the system's DLL
cache was previously corrupt as well.

Paul

-----Original Message-----
From: kakapo-bounces@MIT.EDU [mailto:kakapo-bounces@MIT.EDU] On Behalf Of
Jonathan McIndoe Hunt
Sent: Tuesday, September 14, 2004 3:58 PM
To: Richard Edelson; pismere-ops
Cc: kakapo@mit.edu
Subject: Re: [Kakapo] Microsoft Security Bulletin MS04-028 Buffer Overrun in
JPEG Processing (GDI+) Could Allow Code Execution (833987)

In reading through the details on this vulnerability, which seems pretty
bad to me as a hacker could subtly replace jpg images on hacked web sites
possibly without it being obvious, there is one question I couldn't figure
out. The details say that "Windows XP SP2 is not affected by this
vulnerability"; however, what about a Windows XP SP2 system with one of the
other applications, like Office 2003, installed? Is that still vulnerable?

Thanks,
Jon

At 03:18 PM 9/14/2004, Richard Edelson wrote:
>http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx
>
>Latest critical patch from Microsoft
>
>Richard
>
>_______________________________________________
>Kakapo@mit.edu
>http://mailman.mit.edu/mailman/listinfo/kakapo
_______________________________________________
Kakapo@mit.edu
http://mailman.mit.edu/mailman/listinfo/kakapo