MS GDI+ Scan

N

Nobody Special

The GDI+ scan done by the Microsoft Scanner from Microsoft
Update reported there was no vulnerable GDIPlus DLLs found
on my computer related to a list of MS products provided.
However, a GDI+ scanner from Internet Storn Center found
one of the GDIPlus vulnerable DLLs on my system is
associated with a Microsoft Product in their list (Word
2000). Since the MS scanner didn't find that particular MS-
product related GDI+ dll, and therefore didn't continue on
to provide information on what to do about it, I'm
wondering if any of you people know the URL of the site
that Microsoft's scanner would have sent me to if it had
done it's job properly. Thanks.
Scanner Output Ref:
GDISCAN 11:20 23SEP04 results:
Scanning...
C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Common Files\Microsoft Shared\Office10
\MSO.DLL
Version: 10.0.3501.0 <-- Vulnerable version
C:\Program Files\Norton SystemWorks\Web Cleanup\GDIPlus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Vulnerable version
Scan Complete.
 
M

marburg

It would have sent you to a site for additional information and then
eventually sent you to the Microsoft Office Update site.
http://office.microsoft.com/en-us/officeupdate/default.aspx

Click on check for updates. Make sure you have the original CD for the
software.

Marburg


The GDI+ scan done by the Microsoft Scanner from Microsoft
Update reported there was no vulnerable GDIPlus DLLs found
on my computer related to a list of MS products provided.
However, a GDI+ scanner from Internet Storn Center found
one of the GDIPlus vulnerable DLLs on my system is
associated with a Microsoft Product in their list (Word
2000). Since the MS scanner didn't find that particular MS-
product related GDI+ dll, and therefore didn't continue on
to provide information on what to do about it, I'm
wondering if any of you people know the URL of the site
that Microsoft's scanner would have sent me to if it had
done it's job properly. Thanks.
Scanner Output Ref:
GDISCAN 11:20 23SEP04 results:
Scanning...
C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Common Files\Microsoft Shared\Office10
\MSO.DLL
Version: 10.0.3501.0 <-- Vulnerable version
C:\Program Files\Norton SystemWorks\Web Cleanup\GDIPlus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Vulnerable version
Scan Complete.
 
N

Nobody Special

Marburg-
Thanks. I thought my MS Office stuff was up to date, but
went to Office Update and checked just to be sure. The
Internet Storm Center scanner still finds a vulnerable dll
related to the GDI+ problem in my MS Office apps. I
checked with Symantic regarding Norton Systemworks and
there's a blurp on their site about it but apparently they
don't realize that their own products have problems with
this too. Oh well. I don't know what else to do. Any
suggestions?
NS
 
F

frodo

the storm center scanner has been updated several times over the last 2
days, it's more robust now and has slightly better info on the web page.
check back often 'til it settles out. It works well BTW, everyone ought
to try it, it's only 7K in size. Be sure to scan ALL your hard drives,
not just the one w/ the \windows directory!

http://isc.sans.org/gdiscan.php

the "possible vulnerability" for the side-by-side dll's still needs
addressing by microsoft. DO NOT try to "fix" these by simply copying a
later version of the dll into a WinSxS directory, that'll break it!

If the scanner finds an issue w/ a MS product, check this site, it has
refs to patchers for all MS products:

http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

you need to apply each (and every) one that pertains to you.

For non-ms products try the manufacturer's site.
 
M

Mike Williams

I have the same problem file highlighted by the latest version of
GDIscan, as follows:

C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version

I read somewhere that this appears in slipstreamed XP installations --
whatever that means.

THE QUESTION: I went to the MS link below, with the long list of MS apps
and patches, and am now stumped. How on earth does one know which MS
product installed that file?

THANKS.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GDISCAN Result (JPEG Exploit) Which SXS.DLL does windows xp use ??? 4
gdi vulnerability despite Windows update 2
gdiplus.dll vulnerability 2
freeware to check third party software for the JPEG/gdi+ security flaw 2
XP install failed 6
Failures Installing Windows XP Home Edition Upgrade 2
Live Messenger problem 0
WTD: Nvidia Videocard for 4x AGP Slot 0

Top