Bugtraq mailing list archives
Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
From: Gary Warner <gar () askgar com>
Date: Thu, 16 Sep 2004 07:07:04 -0500
On the Microsoft security briefing webcast yesterday they said that GDIPLUS.DLL is distributed with many applications. Depending on how those applications were built, simply replacing the DLL may break the app. They recommend applying Microsoft patches, and contacting the vendors of any apps associated with GDIPLUS.
The GDI+ detection tool ONLY DETECTS CURRENTLY SUPPORTED MICROSOFT PRODUCTS.They confirmed on the call that older versions ARE VULNERABLE but that only CURRENT versions will be patched. Recommendation, of course, update to current on every version.
There was special guidance for application developers dealing with whether the app was built in Visual Studio as a "Managed Application" or not. Rather than guess about that, I strongly recommend replaying the webcast. There's a PDF of the slides available, and the Q&A had many revealing deteails.
From www.microsoft.com/technet/security/ go to the Register for September Webcast link even though the meeting is over, Registerit will take you to a "View Recording" page which will let you stream the Live Meeting Replay in Windows Media Format.
_-_ gar
Current thread:
- Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Nick D. (Sep 15)
- <Possible follow-ups>
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Polazzo Justin (Sep 15)
- Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow sheep explode (Sep 16)
- Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Gary Warner (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Polazzo Justin (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Angelidis, Fotis(NSASOUDABAY) (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Parks, Matt (Sep 16)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Polazzo Justin (Sep 16)