freeware to check third party software for the JPEG/gdi+ security flaw

  • Thread starter Blue Event Horizon

Blue Event Horizon

For those who are getting the news even later than I, I've included a
link about the problem I'm addressing. Different O/Ss need different
updates.

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

The updates from Microsoft (and if you have Office you need more than
one update) only protect Microsoft products. A small freeware utility
to scan your entire hard drive is available from

http://isc.sans.org/gdiscan.php

the web page doesn't specifically state it works on Windows ME but it
worked fine on my computer.

Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2800.1411
C:\Program Files\Common Files\Roxio Shared\DLLShared\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
Scan Complete.

Now I'm off to learn how to replace the vulnerable gdiplus.dll.
Information on that matter would be welcome.

FWIW, my impression is that this isn't known to be much of a problem
yet but the potential is high. One recent posting to a JPG using
binaries group I frequent was alleged to have a virus. I don't know
whether the allegation was correct but it was a report of a virus in
the "wild" rather than a "proof of concept".

Cheers,

BEH
 
omega

Blue Event Horizon said:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx [...]
A small freeware utility to scan your entire hard drive is available from
http://isc.sans.org/gdiscan.php

the web page doesn't specifically state it works on Windows ME but it
worked fine on my computer.

Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2800.1411
C:\Program Files\Common Files\Roxio Shared\DLLShared\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
Scan Complete.

I run w98se + msie55sp2 (+ some fragments of MSO 2000). Products
which msft did not list in that bulletin for special patch needs.
Same time, I do have a handful of freeware progs which use the
gdiplus.dll.

My initial Gdiscan output:

D:\APPS\zbin\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 5.0.3014.1003 <-- Possibly vulnerable
(Win2K SP2 and SP3 w/IE6 SP1 only)
D:\wcoa\system\shared\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version

I've now replaced gdiplus.dll in my shared folder.

OLD
gdiplus.dll 5.1.3097.0 (xpclient.010817-1148)
NEW
gdiplus.dll 5.1.3102.1360 (xpsp2.040109-1800)
The updates from Microsoft (and if you have Office you need more than
one update) only protect Microsoft products. [...]
Now I'm off to learn how to replace the vulnerable gdiplus.dll.

direct download (extractable file containing gdiplus.dll):
http://download.microsoft.com/download/a/b/c/abc45517-97a0-4cee-a362-1957be2f24e1/gdiplus_dnld.exe

description:
http://www.microsoft.com/downloads/...9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en

<quoted>
Platform SDK Redistributable: GDI+
File Name: gdiplus_dnld.exe // contents - gdiplus.dll & readmes
Download Size: 1017 KB
Date Published: 9/14/2004
Version: 3102.1360
Supported Operating Systems:
Windows 2000, Windows 98, Windows ME, Windows NT, Windows XP

Instructions
1. Download the file by clicking on its link.
2. Install the packaged content by running the self-extracting
executable file. This will create a directory structure containing
the redistributable files. You have control over the installation
location.
Information on that matter would be welcome.

As your post basically indicated, there's apparently a messy assortment
of pathways and hassles involved for updating diverse commercial MSFT
products, particularly some of its later MS Office items. Since none
of that applies to my system, I did not try to read through there.

Concerning the gdiplus.dll in the <gdiplus_dnld.exe> download, below
are the primary excerpts from the included redist.txt file (addressed
to developers who are redistributing this DLL with their app).

| You may distribute gdiplus.dll solely for use with Windows 2000,
| Windows Millennium Edition, Windows NT 4.0 and Windows 98.
|
| For Windows XP use the system-supplied gdiplus.dll. Do not install
| a new gdiplus.dll over the system-supplied version (it will fail due
| to Windows File Protection).
|
| For Windows 2000, Windows Millennium Edition, Windows NT 4.0 and
| Windows 98, install gdiplus.dll into the private directory of the
| application not into the system directory.

On my system (w98 w/o all those MSO apps), and this is only my personal
preference (!not advice), I have my freeware progs all share that same
file, from a common directory. Additionally, I've made the choice to go
ahead now and update that shared gdiplus.dll that they will use, to the
later one.

(If it one day comes to pass that I get a complaint from one of the progs
which have the gdiplus dependency - which could, say, lead to discovery
that the prog was written to only work with the earlier version of the DLL,
I'd then of course modify my arrangements.)

I did a quick launch just now, after my gdiplus.dll update, to see if any
concerned parties had complaints.

TrackerV3
HandySnap
Rainmeter

While it was only a brief launch, not a work-out through all functions,
I have the impression everyone in that group is fine with things.

These are not the only freeware progs I've installed which require that
DLL. For this post, to gather a list of names, the fastest means I could
think to get a report on that was by doing a drive search with gdiplus.dll
in the containing text: field. That technique doesn't catch everybody, but
catches some. Below is a list of results, from my archives drive.

PIXresizer
XILG, XML Image List
Websmill
Documentor

Those in the list above are programs I've decisively chosen not to use,
for various reasons. But I figure it could be of possible use that I list
their names here. At least, for the sake of backing up an observation:
It is that an increasing number of programs are written to use gdiplus.dll.

As to the basic question? Was I even vulnerable where I even needed this
update? Well, I decided not to spend time on web searches in search of
getting that clarified. To be honest, I barely even glanced at the
security papers. (It's in my habits to update common libraries, so that
was adequate motive for me to change to the new gdiplus.dll.)

For anyone who scrolled past this whole post, and might feel in the mood
to simply go straight to the update, without doing lots of reading, or has
previously read on the subject, I'll repeat the direct download link:
http://download.microsoft.com/download/a/b/c/abc45517-97a0-4cee-a362-1957be2f24e1/gdiplus_dnld.exe
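
An added example, not part of the original posts and not the gdiscan tool's own code: a small inventory script for the situation described above, where applications carry private copies of gdiplus.dll that the Microsoft product updates do not touch. It reads the version from the file's VS_FIXEDFILEINFO block (located by its 0xFEEF04BD signature) and assumes that anything below 5.1.3102.1360, the replacement build named in the thread, needs review.

```python
import os
import struct

# Baseline taken from the thread: 5.1.3097.0 was flagged vulnerable and
# 5.1.3102.1360 is the replacement build. Treating every lower version as
# needing review is an assumption of this example.
FIXED_BASELINE = (5, 1, 3102, 1360)
VS_FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature


def file_version(path):
    """Return (major, minor, build, revision) from the version resource, or None."""
    with open(path, "rb") as fh:
        data = fh.read()
    pos = data.find(VS_FFI_SIGNATURE)
    # Need dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS (16 bytes).
    if pos < 0 or pos + 16 > len(data):
        return None
    _sig, _struc, ms, ls = struct.unpack_from("<IIII", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def scan(root, names=("gdiplus.dll",)):
    """Walk root and report every copy of the named DLLs with a verdict."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in names:
                continue
            path = os.path.join(dirpath, name)
            try:
                version = file_version(path)
            except OSError:
                version = None  # unreadable file: report it rather than skip it
            if version is None:
                verdict = "unknown"
            elif version < FIXED_BASELINE:
                verdict = "outdated"
            else:
                verdict = "ok"
            findings.append((path, version, verdict))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, version, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "no version resource"
        print(f"{verdict:9} {shown:20} {path}")
```

Copies reported as "unknown" have no readable version resource and should be checked by hand rather than assumed safe.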
 
hjmler

this bit with the vulnerable jpg processing dll's is shaping up to be a 1st
order disaster... getting masses of users to fix their systems in such a
convoluted way ain't gonna happen... somebody comes along with a $10 cure is
gonna make some $$$ ....

