Bugtraq mailing list archives
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
From: "Angelidis, Fotis(NSASOUDABAY)" <AngelidisF () nsa souda navy mil>
Date: Thu, 16 Sep 2004 11:50:11 +0300
-----Original Message----- From: Polazzo Justin [mailto:Justin.Polazzo () facilities gatech edu] Sent: Wednesday, September 15, 2004 6:24 PM To: Nick D.; bugtraq () securityfocus com Subject: RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
Ps: ARRRgh!! P.p.s: Am I missing the all in one patch? Is the GDI+ Detection Tool available as download? Will the GDI detection tool search through non-ms sw?
Actually the GDI+ Detection Tool comes before the actual update takes place in Windows Update. If you visit windowsupdate.com and select the patch for downloading, the tool is being downloaded first and if it finds any vulnerable versions of the file, it downloads the updates respectively. I cannot guarantee that it will search through non-ms software though, however I'm not sure if the specific vulnerability affects non-ms products in the first place. To the best of my knowledge it has to do with the JPEG parsing engine in certain Microsoft products which are mentioned in the advisory page :)
Current thread:
- Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Nick D. (Sep 15)
- <Possible follow-ups>
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Polazzo Justin (Sep 15)
- Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow sheep explode (Sep 16)
- Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Gary Warner (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Polazzo Justin (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Angelidis, Fotis(NSASOUDABAY) (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Parks, Matt (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Polazzo Justin (Sep 16)