With Xp Sp2 is my IE6 vulnerable to JPEG Buffer Overun Malware?

[Pat]

Hello-

I am running Windows XP with SP2 and IE 6.0

So far as the JPEG Buffer Overrun vulnerability problem,
I understand that there is no problem with just the XP system, so long
as it has been fortified with the SP2, but is there a JPEG Buffer
Overrun vulnerability problem in the Internet Explorer 6.0 Browser
itself even when run with XP and SP2?

[I have no other software applications that might be affected by this
vulnerability]

Thank you.

 

[LuckyStrike]

I don't think it is.
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Non-Affected Software
Microsoft Windows XP Service Pack 2

MS page and test
September 2004 Security Update for JPEG Processing (GDI+)
http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

See here for Info and a test.
http://isc.sans.org/index.php?isc=d93cf9d4a0516bcf3748fd3d169ac47c
http://isc.sans.org/diary.php?date=2004-09-25
http://www.bleepingcomputer.com/forums/topict3077.html
Testing Tool
http://isc.sans.org/gdiscan.php

Additional info for those who might ask about this tool and W98
http://isc.sans.org/diary.php?isc=3c2fbcbcbc98fa4a58d9853e405f7534

HTH -
--

LuckyStrike
(e-mail address removed)
The best Tweak and your ally for IE = **Disable Active Scripting**
http://www.infinisource.com/techfiles/surf-safe.html
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[PA Bear]

IE6/WinXP SP2 is *not* subject to the GDI+ vulnerability, no.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx

What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx

"There is no 'silver bullet' solution."
http://go.microsoft.com/fwlink/?LinkId=33131

 

[LuckyStrike]

May I ask? <G>
--
LS :-b
------------

IE6/WinXP SP2 is *not* subject to the GDI+ vulnerability, no.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx

What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx

"There is no 'silver bullet' solution."
http://go.microsoft.com/fwlink/?LinkId=33131

Hello-

I am running Windows XP with SP2 and IE 6.0

So far as the JPEG Buffer Overrun vulnerability problem,
I understand that there is no problem with just the XP system, so long
as it has been fortified with the SP2, but is there a JPEG Buffer
Overrun vulnerability problem in the Internet Explorer 6.0 Browser
itself even when run with XP and SP2?

[I have no other software applications that might be affected by this
vulnerability]

Thank you.

 

[PA Bear]

Ask away.
--
~PAB

IE6/WinXP SP2 is *not* subject to the GDI+ vulnerability, no.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx

What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx

"There is no 'silver bullet' solution."
http://go.microsoft.com/fwlink/?LinkId=33131

Hello-

I am running Windows XP with SP2 and IE 6.0

So far as the JPEG Buffer Overrun vulnerability problem,
I understand that there is no problem with just the XP system, so long
as it has been fortified with the SP2, but is there a JPEG Buffer
Overrun vulnerability problem in the Internet Explorer 6.0 Browser
itself even when run with XP and SP2?

[I have no other software applications that might be affected by this
vulnerability]

Thank you.

 

[LuckyStrike]

Okay, since you said so.... Is there an echo in here? <g,d,& r vvvf>

 

[PA Bear]

I didn't hear nothin'. I wuz working offline.

 

[LuckyStrike]

I might have been g,d,&r vvvf, but not fast enuff to get ahead of you this
time. <vbg>
LS
------

 

[PA Bear]

It'll *never* happen! <eg>

I might have been g,d,&r vvvf, but not fast enuff to get ahead of you this
time. <vbg>
LS

 

[LuckyStrike]

Well... don't go selling yourself *short* now. <vbeg>