gdiplus.dll vulnerability

[eliric]

With the last updates in place in W2000 and Office 2003, I
tested W2000 with
GDIScan "http://isc.sans.org/gdiscan.php".
Results:
C/WINNT/system32/gdiplus.dll is still vulnerable ( version
5.1.3097.0).It affects other programs (Norton SystenWorks,
Macromedia).

I have other versions of.gdiplus.dll with no
vulnerability. (version 5.1.3102.13600)-Microsoft net.
Any idea why the last Microsoft gdiplus does not correct
this vulnerability?

 

[Torgeir Bakken \(MVP\)]

With the last updates in place in W2000 and Office 2003, I
tested W2000 with
GDIScan "http://isc.sans.org/gdiscan.php".
Results:
C/WINNT/system32/gdiplus.dll is still vulnerable ( version
5.1.3097.0).It affects other programs (Norton SystenWorks,
Macromedia).

I have other versions of.gdiplus.dll with no
vulnerability. (version 5.1.3102.13600)-Microsoft net.
Any idea why the last Microsoft gdiplus does not correct
this vulnerability?

Hi

No Microsoft software puts gdiplus.dll in %windir%\System32\
(it would have been placed there by some 3rd party program
installation), so no security updates from Microsoft will
update a %windir%\System32\gdiplus.dll file.


Just replace the file yourself with the gdiplus.dll v5.1.3102.1360
file that is available here:

Platform SDK Redistributable: GDI+
http://www.microsoft.com/downloads/...9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en
(this download link is also found in the MS04-028 bulletin)

 

[eliric]

Thanks Torgeir for the info.
I suspect the 3rd party is the Macromedia programs flash
mx2004,FireworksMX2004 or Dreamweaver2004.
All them had the vulnerable gdiplus.dll.
Anyway I corrected everything following your instructions.