GdiPlus vulnerabilities

[Nobody Special]

Since I downloaded Microsoft's 'clean' version of
Gdiplus.dll from their page:
http://www.microsoft.com/downloads/details.aspx?
FamilyId=6A63AB9C-DF12-4D41-933C-
BE590FEAA05A&displaylang=en
and replaced all my vulnerable versions (after renaming
them as gdiplus.dlx just in case those software vendors
put some of their own stuff in each particular case) with
it, the gdi scan tool obtained from Internet Storm Center
now only find one file that it recognises as vulnerable,
and that is mso.dll in Office10. Here's the funny part-
when I check Office Update for any updates, it says I'm
just hunky-dory and don't need any updates. What's with
that? Thanks.

 

[Nobody Special]

No news is good news I guess? Otherwise someone would have
answered. Right?

 

[Torgeir Bakken \(MVP\)]

Since I downloaded Microsoft's 'clean' version of
Gdiplus.dll from their page:
http://www.microsoft.com/downloads/details.aspx?
FamilyId=6A63AB9C-DF12-4D41-933C-
BE590FEAA05A&displaylang=en
and replaced all my vulnerable versions (after renaming
them as gdiplus.dlx just in case those software vendors
put some of their own stuff in each particular case) with
it, the gdi scan tool obtained from Internet Storm Center
now only find one file that it recognises as vulnerable,
and that is mso.dll in Office10. Here's the funny part-
when I check Office Update for any updates, it says I'm
just hunky-dory and don't need any updates. What's with
that? Thanks.

Hi

Download and run the Office update from here maybe:

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx