[476] in Kakapo Windows Team
RE: [Kakapo] Microsoft Security Bulletin MS04-028 Buffer
daemon@ATHENA.MIT.EDU (Richard Edelson)
Wed Sep 15 12:19:14 2004
Message-Id: <5.2.1.1.2.20040915120405.01aeb970@hesiod>
Date: Wed, 15 Sep 2004 12:17:29 -0400
To: "Paul B. Hill" <pbh@mit.edu>, "'Jonathan McIndoe Hunt'" <jmhunt@mit.edu>,
"'pismere-ops'" <pismere-ops@mit.edu>
From: Richard Edelson <redelson@mit.edu>
In-Reply-To: <200409142031.i8EKVdvi002838@melbourne-city-street.mit.edu>
Mime-Version: 1.0
cc: kakapo@mit.edu
Here's Microsoft's statement on XP SP2:
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx
Important: Windows XP Service Pack 2 (SP2) is not affected by this issue.
Windows XP SP2 users only need to update Office (if installed).
Richard
At 04:31 PM 9/14/2004 -0400, Paul B. Hill wrote:
>Hi Jon,
>
>The JPEG processing is performed by a common DLL. Any of the applications
>listed might cause the DLL to be installed, however, the DLL is a core
>component on XP SP1, XP SP2, Windows Server 2003. The applications "only use
>the version that is provided by the operating system, even if they install a
>copy of the vulnerable component." Therefore, Office 2003 installed on XP
>SP2 should not run the DLL that has the vulnerability.
>
>There could be a very small number of mis-configured XP SP2 machines that
>could execute the vulnerable code. This would imply that the system's DLL
>cache was previously corrupt as well.
>
>Paul
>
>
>-----Original Message-----
>From: kakapo-bounces@MIT.EDU [mailto:kakapo-bounces@MIT.EDU] On Behalf Of
>Jonathan McIndoe Hunt
>Sent: Tuesday, September 14, 2004 3:58 PM
>To: Richard Edelson; pismere-ops
>Cc: kakapo@mit.edu
>Subject: Re: [Kakapo] Microsoft Security Bulletin MS04-028 Buffer Overrun in
>JPEG Processing (GDI+) Could Allow Code Execution (833987)
>
>In reading through the details on this vulnerability, which seems pretty
>bad to me as a hacker could subtly replace jpg images on hacked web sites
>possibly without it being obvious, there is one question I couldn't figure
>out. The details say that "Windows XP SP2 is not affected by this
>vulnerability" however, what about a Windows XP SP2 system with one of the
>other applications, like Office 2003, installed. Is that still vulnerable?
>
>Thanks,
>Jon
>
>
>At 03:18 PM 9/14/2004, Richard Edelson wrote:
>
>
> >http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx
> >
> >Latest critical patch from Microsoft
> >
> >Richard
> >
> >_______________________________________________
> >Kakapo@mit.edu
> >http://mailman.mit.edu/mailman/listinfo/kakapo
>
>_______________________________________________
>Kakapo@mit.edu
>http://mailman.mit.edu/mailman/listinfo/kakapo
Richard Edelson
Network & Infrastructure Services Team
Information Services and Technology (IS&T)
Massachusetts Institute of Technology
77 Massachusetts Avenue
Room W92-168
Cambridge, MA 02139
617-253-3347
redelson@mit.edu