GdiPlus vulnerabilities

  • Thread starter Thread starter Nobody Special
  • Start date Start date
N

Nobody Special

Since I downloaded Microsoft's 'clean' version of
Gdiplus.dll from their page:
http://www.microsoft.com/downloads/details.aspx?
FamilyId=6A63AB9C-DF12-4D41-933C-
BE590FEAA05A&displaylang=en
and replaced all my vulnerable versions (after renaming
them as gdiplus.dlx just in case those software vendors
put some of their own stuff in each particular case) with
it, the gdi scan tool obtained from Internet Storm Center
now only find one file that it recognises as vulnerable,
and that is mso.dll in Office10. Here's the funny part-
when I check Office Update for any updates, it says I'm
just hunky-dory and don't need any updates. What's with
that? Thanks.
 
Nobody said:
Since I downloaded Microsoft's 'clean' version of
Gdiplus.dll from their page:
http://www.microsoft.com/downloads/details.aspx?
FamilyId=6A63AB9C-DF12-4D41-933C-
BE590FEAA05A&displaylang=en
and replaced all my vulnerable versions (after renaming
them as gdiplus.dlx just in case those software vendors
put some of their own stuff in each particular case) with
it, the gdi scan tool obtained from Internet Storm Center
now only find one file that it recognises as vulnerable,
and that is mso.dll in Office10. Here's the funny part-
when I check Office Update for any updates, it says I'm
just hunky-dory and don't need any updates. What's with
that? Thanks.
Click to expand...
Hi

Download and run the Office update from here maybe:

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx
 
Back
Top