JPEG Virus - Are you Vulnerable?


TheBlueRaja
01-10-2004, 10:00
Use this program found here (http://images.dshield.org/images/gdiscan.exe) to see if you are vulnerable to the JPEG virus.

This will tell you which programs that you have installed are vulnerable to attack.

Remember - lots of programs are affected by this bug.

Bifta
01-10-2004, 10:07
Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
Version: 11.0.5207.5
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180
C:\Program Files\Macromedia\Dreamweaver MX 2004\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL
Version: 6.0.3255.0 <-- Vulnerable version
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\$NtServicePackUninstall$\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\ServicePackFiles\i386\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\system32\GdiPlus.dll
Version: 5.1.3102.2180
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
Version: 5.1.3102.2180
Scan Complete.

I installed the GDI patch a week or two ago, how do I get round this? :(

Nemesis
01-10-2004, 10:08
Scanning Drive C:...
C:\dell\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version

C:\dell\I386\SXS.DLL
Version: 5.1.2600.1106 <-- Vulnerable version

C:\dell\I386\VGX.DLL
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)

C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180

C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.1515

C:\WINDOWS\$NtServicePackUninstall$\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)

C:\WINDOWS\$NtUninstallKB833998$\sxs.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)

C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)

C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.2180

C:\WINDOWS\ServicePackFiles\i386\vgx.dll
Version: 6.0.2900.2180

C:\WINDOWS\SYSTEM32\sxs.dll
Version: 5.1.2600.2180

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
Version: 5.1.3102.2180

Scan Complete.
And that's with a fully patched XP system :Yikes:

basa
01-10-2004, 10:46
Good job I'm staying with 98SE ! and Opera :D

Oh and I don't use any of the other MS stuff either .. good old 'Open Office' for me ! :p:

TheBlueRaja
01-10-2004, 11:18
The problem that this highlights is that it is NOT JUST XP that is affected - any program which handles JPEGs can be. The only way to make sure you are not vulnerable is to update EVERY program which has the possibility of being affected by the vulnerability.

Look on the bright side - at least you now know exactly what needs to be updated on your systems.

Jon M
01-10-2004, 11:31
Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.DLL
Version: 6.0.2800.1411
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\gdiplus.dll
Version: 5.1.3101.0 <-- Vulnerable version
C:\WINNT\system32\dllcache\vgx.dll
Version: 6.0.2800.1411
Scan Complete.
Scanning Drive D:...
D:\Creative Suite\Adobe Illustrator CS\Support Files\Contents\Windows\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
D:\HandySnap\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
Scan Complete.

Not too bad...

zoombini
01-10-2004, 13:53
Scanning Drive C:...
C:\Program Files\porn\pornview.exe
Version: 1.3 <-- Vulnerable version
C:\Program Files\porn\pornpic.exe
Version: 7.3 <-- Vulnerable version
C:\Program Files\porn\dirtygit.exe
Version: 7.3 <-- Vulnerable version
Scan Complete.

OH NO - That's my porn watching buggered.

Nugget
01-10-2004, 14:07
Scanning Drive C:...
C:\Program Files\porn\pornview.exe
Version: 1.3 <-- Vulnerable version
C:\Program Files\porn\pornpic.exe
Version: 7.3 <-- Vulnerable version
C:\Program Files\porn\dirtygit.exe
Version: 7.3 <-- Vulnerable version
Scan Complete.

OH NO - That's my porn watching buggered.

Ahem, you may want to rephrase that :erm:

Ramrod
01-10-2004, 14:11
Scanning Drive C:...
C:\Program Files\porn\pornview.exe
Version: 1.3 <-- Vulnerable version
C:\Program Files\porn\pornpic.exe
Version: 7.3 <-- Vulnerable version
C:\Program Files\porn\dirtygit.exe
Version: 7.3 <-- Vulnerable version
Scan Complete.

OH NO - That's my porn watching buggered.

pmsl........someone rep him for that please! :D

Jon M
01-10-2004, 14:18
pmsl........someone rep him for that please! :D
Done

Nugget
01-10-2004, 14:22
pmsl........someone rep him for that please! :D

And done again - that's definitely worth a couple!

bopdude
01-10-2004, 14:25
pmsl........someone rep him for that please! :D
Done, lol lol lol :D

zoombini
01-10-2004, 16:15
WOW! 5.... got to be witty more often..lol
Thanks for that..lol

I actually have about 5 entries that are identified.

Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\system32\dllcache\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\system32\dllcache\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
Scan Complete.
.
Although I haven't a clue what to do about it.
Maybe I'll put SP2 on next week, I can't use Win update at present till the IT dept get the poxy proxy sorted.

MovedGoalPosts
01-10-2004, 16:39
We should all remember that whilst patching our computer software is an unending task, current antivirus software is also an essential part of our security.

If your A/V is current, and updated very regularly (at least once a day), you are going to be extremely unlikely to get an infection on your PC, even if it isn't quite fully patched. The A/V will scan any files as they are opened, detect something amiss and prevent its deployment.

Bear in mind that windoze update and similar patching software often lags behind in real time to the detection of vulnerabilities, as things have to be properly tested. It's much easier to test and inoculate against a virus as its small amount of code can be unpicked and behavior predicted. Thus A/V can be far more current than the patches available. Having said that the jpeg vulnerability has been known of for a few weeks now, long enough for any good software manufacturer to have the patches available.

TheBlueRaja
01-10-2004, 16:48
Upgrades to get yourself patched...

Microsoft Service Pack .NET Framework 1.1 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=A8F5654F-088E-40B2-BBDB-A83353618B38&displaylang=en


Microsoft .NET Framework SDK 1.0 SP2:

Microsoft Service Pack .NET Framework 1.0 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=6978D761-4A92-4106-A9BC-83E78D4ABC5B&displaylang=en


Microsoft .NET Framework SDK 1.0 SP1:

Microsoft Service Pack .NET Framework 1.0 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=6978D761-4A92-4106-A9BC-83E78D4ABC5B&displaylang=en


Microsoft .NET Framework SDK 1.0:

Microsoft Service Pack .NET Framework 1.0 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=6978D761-4A92-4106-A9BC-83E78D4ABC5B&displaylang=en


Microsoft Digital Image Pro 7.0:

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Digital Image Pro 9.0:

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Digital Image Suite 9.0:

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Greetings 2002 :

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Internet Explorer 6.0 SP1:

Microsoft Patch Security Update for Internet Explorer 6 Service Pack 1: KB833989
http://www.microsoft.com/downloads/details.aspx?FamilyId=B0095851-674D-4357-868C-DD75D88405EC&displaylang=en


Microsoft Office 2003 :

Microsoft Upgrade Office 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=9C51D3A6-7CB1-4F61-837E-5F938254FC47&displaylang=en

Microsoft Upgrade Office 2003 Security Update: KB838905
http://www.microsoft.com/downloads/details.aspx?FamilyId=106BCF99-1BA9-4035-94C5-2A7FA90E5971&displaylang=en


Microsoft Office XP SP3:

Microsoft Upgrade Office XP Security Update: KB832332
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D128614-6D34-49DF-8D63-6C17E9A2D312&displaylang=en


Microsoft Picture It! 7.0:

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Picture It! 9.0:

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Picture It! 2002 :

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Picture It! Library :

Microsoft Patch Picture It! and Digital Image Security Update - Also includes Greetings 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en


Microsoft Platform SDK Redistributable: GDI+ :

Microsoft Patch Platform SDK Redistributable: GDI+
http://download.microsoft.com/download/a/b/c/abc45517-97a0-4cee-a362-1957be2f24e1/gdiplus_dnld.exe


Microsoft Producer for Microsoft Office PowerPoint :

Microsoft Patch Producer for Microsoft Office PowerPoint 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=1b3c76d5-fc75-4f99-94bc-784919468e73&DisplayLang=en


Microsoft Project 2002 SP1:

Microsoft Upgrade Project 2002 Security Update: KB831931
http://www.microsoft.com/downloads/details.aspx?FamilyId=B3EBCCEA-B0E4-41C7-A6F4-413864D2CCF3&displaylang=en


Microsoft Project 2002 :
Microsoft Project 2003 :

Microsoft Upgrade Project 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B04C073-E58F-4F42-B76D-6B565A45CDC3&displaylang=en

Microsoft Upgrade Project 2003 Security Update: KB838344
http://www.microsoft.com/downloads/details.aspx?FamilyId=9E37B6B0-A028-47EA-8FA1-3705877A2908&displaylang=en


Microsoft Visio 2002 Professional SP2:

Microsoft Upgrade Visio 2002 Security Update: KB831932
http://www.microsoft.com/downloads/details.aspx?FamilyId=16C2DFFD-7B73-43C4-AB0D-2B5EFC80EB63&displaylang=en


Microsoft Visio 2002 Standard SP2:

Microsoft Upgrade Visio 2002 Security Update: KB831932
http://www.microsoft.com/downloads/details.aspx?FamilyId=16C2DFFD-7B73-43C4-AB0D-2B5EFC80EB63&displaylang=en


Microsoft Visio 2003 Professional :

Microsoft Upgrade Visio 2003 Security Update: KB838345
http://www.microsoft.com/downloads/details.aspx?FamilyId=C07D40A5-6F87-4D50-9640-34FFD2F189E1&displaylang=en


Microsoft Visio 2003 Standard :

Microsoft Upgrade Visio 2003 Security Update: KB838345
http://www.microsoft.com/downloads/details.aspx?FamilyId=C07D40A5-6F87-4D50-9640-34FFD2F189E1&displaylang=en


Microsoft Visual Studio .NET 2002 :

Microsoft Upgrade Visual Studio .NET 2002 GDIPLUS.DLL Security Update
http://www.microsoft.com/downloads/details.aspx?FamilyId=44004D19-B22F-4AF2-A701-1FCB0467FBF9&displaylang=en


Microsoft Visual Studio .NET 2003 :

Microsoft Upgrade Visual Studio .NET 2003 GDIPLUS.DLL Security Update
http://www.microsoft.com/downloads/details.aspx?FamilyId=A13B7A21-463C-4286-AD68-E692417E80E2&displaylang=en


Microsoft Windows Server 2003 Datacenter Edition :

Microsoft Patch Security Update for Windows Server 2003 (KB833987)
http://download.microsoft.com/download/e/5/9/e5901f37-e33b-433c-9beb-9f58428c93de/WindowsServer2003-KB833987-x86-ENU.EXE


Microsoft Windows Server 2003 Datacenter Edition 64-bit :

Microsoft Patch Security Update for Windows Server 2003 64-bit Ed. and Windows XP 64-bit Ed, Version 2003 (KB833987)
http://download.microsoft.com/download/6/2/8/6281e7a8-5c5b-4c5d-bcd4-9a29f5211dfe/WindowsServer2003-KB833987-IA64-ENU.EXE


Microsoft Windows Server 2003 Enterprise Edition :

Microsoft Patch Security Update for Windows Server 2003 (KB833987)
http://download.microsoft.com/download/e/5/9/e5901f37-e33b-433c-9beb-9f58428c93de/WindowsServer2003-KB833987-x86-ENU.EXE


Microsoft Windows Server 2003 Enterprise Edition 64-bit :

Microsoft Patch Security Update for Windows Server 2003 64-bit Ed. and Windows XP 64-bit Ed, Version 2003 (KB833987)
http://download.microsoft.com/download/6/2/8/6281e7a8-5c5b-4c5d-bcd4-9a29f5211dfe/WindowsServer2003-KB833987-IA64-ENU.EXE


Microsoft Windows Server 2003 Standard Edition :

Microsoft Patch Security Update for Windows Server 2003 (KB833987)
http://download.microsoft.com/download/e/5/9/e5901f37-e33b-433c-9beb-9f58428c93de/WindowsServer2003-KB833987-x86-ENU.EXE


Microsoft Windows Server 2003 Web Edition :

Microsoft Patch Security Update for Windows Server 2003 (KB833987)
http://download.microsoft.com/download/e/5/9/e5901f37-e33b-433c-9beb-9f58428c93de/WindowsServer2003-KB833987-x86-ENU.EXE


Microsoft Windows XP 64-bit Edition SP1:

Microsoft Patch Security Update for Windows XP 64-bit Edition (KB833987)
http://download.microsoft.com/download/1/d/c/1dc38e9f-0fc7-4cf9-8cec-6b1246aca884/WindowsXP-KB833987-ia64-ENU.EXE


Microsoft Windows XP 64-bit Edition :

Microsoft Patch Security Update for Windows XP 64-bit Edition (KB833987)
http://download.microsoft.com/download/1/d/c/1dc38e9f-0fc7-4cf9-8cec-6b1246aca884/WindowsXP-KB833987-ia64-ENU.EXE


Microsoft Windows XP 64-bit Edition Version 2003 :

Microsoft Patch Security Update for Windows Server 2003 64-bit Ed. and Windows XP 64-bit Ed, Version 2003 (KB833987)
http://download.microsoft.com/download/6/2/8/6281e7a8-5c5b-4c5d-bcd4-9a29f5211dfe/WindowsServer2003-KB833987-IA64-ENU.EXE


Microsoft Windows XP Home SP1:

Microsoft Patch Security Update for Windows XP (KB833987)
http://download.microsoft.com/download/a/a/d/aadac1be-dc9d-49a6-945c-778409909bcc/WindowsXP-KB833987-x86-ENU.EXE


Microsoft Windows XP Home :

Microsoft Patch Security Update for Windows XP (KB833987)
http://download.microsoft.com/download/a/a/d/aadac1be-dc9d-49a6-945c-778409909bcc/WindowsXP-KB833987-x86-ENU.EXE


Microsoft Windows XP Professional SP1:

Microsoft Patch Security Update for Windows XP (KB833987)
http://download.microsoft.com/download/a/a/d/aadac1be-dc9d-49a6-945c-778409909bcc/WindowsXP-KB833987-x86-ENU.EXE


Microsoft Windows XP Professional :

Microsoft Patch Security Update for Windows XP (KB833987)
http://download.microsoft.com/download/a/a/d/aadac1be-dc9d-49a6-945c-778409909bcc/WindowsXP-KB833987-x86-ENU.EXE

References
Source: CERT TA04-260A Microsoft Windows JPEG component buffer overflow
URL: http://online.securityfocus.com/advisories/7211

Source: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
URL: msg://bugtraq/414770A2.9030603@verizon.net

Source: Microsoft Security Bulletin MS04-028
URL: http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

Source: Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
URL: http://www.securityfocus.com/bid/1503

Source: RE: old netscape vuln - affecting XP/explorer?
URL: http://www.securityfocus.com/archive/82/290856

TheBlueRaja
01-10-2004, 16:50
And an advisory from Symantec.com here (http://securityresponse.symantec.com/avcenter/security/Content/11173.html) which is also where I got the above.

Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability

Risk
High

Date Discovered
09-14-2004

Description
Microsoft (Graphics Device Interface) GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data is employed as a bounds value for a memory copy operation.

A specially crafted JPEG image may trigger this vulnerability and result in the execution of arbitrary attacker-supplied code. Code execution would occur in the context of the user who is running the vulnerable software.

**Update: This issue is similar in nature to BID 1503, discovered by Solar Designer.

Symantec AntiVirus Products
A heuristic detection has been released to detect possible exploits of this vulnerability. Symantec Antivirus products will detect files which contain code to exploit this vulnerability as Bloodhound.Exploit.13.

Symantec ManHunt 3.0
As of September 25, 2004, users of Symantec Manhunt 3.0 can update to Security Update 28 to detect attempts to exploit this vulnerability.

Symantec Network Security 7100
As of September 25, 2004, users of Symantec Network Security 7100 can update to Security Update 2 to detect attempts to exploit this vulnerability. This update is available via LiveUpdate.

Platforms Affected
Microsoft Excel 2002 SP3
Microsoft Excel 2003
Microsoft FrontPage 2002 SP3
Microsoft FrontPage 2003
Microsoft InfoPath 2003
Microsoft MSN Messenger Service 9.0
Microsoft OneNote 2003
Microsoft Outlook 2002 SP3
Microsoft Outlook 2003
Microsoft PowerPoint 2002 SP3
Microsoft PowerPoint 2003
Microsoft Publisher 2002 SP3
Microsoft Publisher 2003
Microsoft Visual Basic .NET Standard 2002
Microsoft Visual Basic .NET Standard 2003
Microsoft Visual C# .NET Standard 2002
Microsoft Visual C# .NET Standard 2003
Microsoft Visual C++ .NET Standard 2002
Microsoft Visual C++ .NET Standard 2003
Microsoft Visual J# .NET Standard 2003
Microsoft Word 2002 SP3
Microsoft Word 2003

Components Affected
Avaya DefinityOne Media Servers
Avaya IP600 Media Servers
Avaya S3400 Modular Messaging
Avaya S8100 Media Servers
Microsoft .NET Framework 1.0 SP2
Microsoft .NET Framework 1.1
Microsoft .NET Framework SDK 1.0 SP2
Microsoft .NET Framework SDK 1.0 SP1
Microsoft .NET Framework SDK 1.0
Microsoft Digital Image Pro 7.0
Microsoft Digital Image Pro 9.0
Microsoft Digital Image Suite 9.0
Microsoft Greetings 2002
Microsoft Internet Explorer 6.0 SP1
Microsoft Office 2003
Microsoft Office XP SP3
Microsoft Picture It! 7.0
Microsoft Picture It! 9.0
Microsoft Picture It! 2002
Microsoft Picture It! Library
Microsoft Platform SDK Redistributable: GDI+
Microsoft Producer for Microsoft Office PowerPoint
Microsoft Project 2002 SP1
Microsoft Project 2002
Microsoft Project 2003
Microsoft Visio 2002 Professional SP2
Microsoft Visio 2002 Standard SP2
Microsoft Visio 2003 Professional
Microsoft Visio 2003 Standard
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional

Recommendations

Do not accept or execute files from untrusted or unknown sources.
A remote attacker will need to present a JPEG file to a victim user in order to exploit this vulnerability. Avoid accepting or opening files that originate from a user of questionable integrity.

Do not follow links provided by unknown or untrusted sources.
A remote attacker may exploit this vulnerability through a remote Web site. Avoid following links that originate from a user of questionable integrity.

Run all software as a non-privileged user with minimal access rights.
Run all applications with the minimum amount of privileges required to function adequately. This action can limit the impact of a successful attack.

Do not open email messages from unknown or untrusted individuals.
A remote attacker may exploit this vulnerability through email. Avoid accepting or opening unsolicited emails that originate from a user of questionable integrity.

Microsoft has released a security bulletin MS04-028 and fixes to address this issue in affected products. Additionally, the vendor reports that this issue is addressed in Microsoft Office 2003 Service Pack 1 for Office 2003, Microsoft Visio 2003 Service Pack 1 for Visio 2003 and Microsoft Project 2003 Service Pack 1 for Project 2003.

The vendor also reports that customers that have installed MSN 9, and have chosen to install Picture It! Express version 9 and Picture It! Library, should install the Picture It! version 9 update.

Customers are advised to access the referenced advisory for further information pertaining to obtaining and applying appropriate updates.

It should be noted that not all of the fixes to address this vulnerability are available at the time of writing. These fixes will be added later once they are available.
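
The advisory quoted in the post above describes a JPEG length value used as a memory-copy bound without a sanity check. The sketch below is an example added here, not code from the thread, from Symantec or from Microsoft: it walks the marker segments of a JPEG and reports the first length field that fails the basic checks. It relies on the general JPEG rule that a segment's 16-bit length counts its own two bytes, so a declared length below 2 makes `length - 2` wrap around in unsigned arithmetic. The function names and the sample byte strings are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers that stand alone and are not followed by a length field.
STANDALONE = {0x01, SOI, EOI, *range(0xD0, 0xD8)}


class Finding(NamedTuple):
    offset: int             # offset of the length field, or of the problem
    marker: Optional[int]   # marker byte of the offending segment
    length: Optional[int]   # declared length, if one could be read
    problem: str


def unchecked_copy_size(length: int) -> int:
    """What 'length - 2' becomes in 32-bit unsigned arithmetic with no check."""
    return (length - 2) & 0xFFFFFFFF


def check_jpeg_segments(data: bytes) -> Optional[Finding]:
    """Return the first bad segment header, or None if the header walk is clean."""
    if data[:2] != bytes([0xFF, SOI]):
        return Finding(0, None, None, "missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            return Finding(pos, None, None, "expected 0xFF marker prefix")
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            break
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return Finding(pos, marker, None, "truncated length field")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            # The length includes its own two bytes, so the payload size
            # (length - 2) would underflow if used as a copy bound.
            return Finding(pos, marker, length, "declared length below 2")
        if pos + length > len(data):
            return Finding(pos, marker, length, "segment runs past end of data")
        if marker == SOS:
            break           # entropy-coded data follows; header walk ends here
        pos += length
    return None


# Constructed sample inputs (not real image files).
GOOD = b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", 4) + b"ab" + b"\xff\xd9"
BAD = b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", 1) + b"\xff\xd9"
SHORT = b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", 16) + b"ab"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD), ("SHORT", SHORT)):
        print(name, check_jpeg_segments(sample))
    print(hex(unchecked_copy_size(1)))
```
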

TheBlueRaja
01-10-2004, 16:53
We should all remember that whilst patching our computer software is an unending task, current antivirus software is also an essential part of our security.

If your A/V is current, and updated very regularly (at least once a day), you are going to be extremely unlikely to get an infection on your PC, even if it isn't quite fully patched. The A/V will scan any files as they are opened, detect something amiss and prevent its deployment.



Now going back to the above - I think that Norton AV at least may protect you from one of the exploits, but does it cover all of them? It seems a bit woolly if you catch my drift.

It does say -

Symantec AntiVirus Products
A heuristic detection has been released to detect possible exploits of this vulnerability. Symantec Antivirus products will detect files which contain code to exploit this vulnerability as Bloodhound.Exploit.13.

MovedGoalPosts
01-10-2004, 18:11
Now going back to the above - I think that Norton AV at least may protect you from one of the exploits, but does it cover all of them? It seems a bit woolly if you catch my drift.

It does say -

Realistically a good updated a/v will find the virus. Yes they can only know about today's viruses, not tomorrow's. Adding in the heurowatsit technology further increases the safety factor.

You have to be rather unlucky to be one of the first to get sent that brand new virus before the good a/v vendors get to know about it, decode it, and release an update. The point is you get what you pay for. The big a/v players do frequent updates and have enough staff to put out regular frequent updates. Freebie programs surely cannot be as safe, even if they are reputable. The updates aren't as frequent for one and after all they are really hoping you will pay to upgrade to their paid version which probably does have better updates - there has to be a benefit to the upgrade.

Of course being sensible about what you open is a big step in protection. Just 'cos you were sent an email, doesn't mean you should open the attachments. Do you know the sender and were you expecting them to send it to you? If the answer to at least one of those questions is no, proceed with extreme caution.

Aragorn
01-10-2004, 18:38
Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
Version: 11.0.5207.5
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180
C:\Program Files\Macromedia\Dreamweaver MX 2004\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL
Version: 6.0.3255.0 <-- Vulnerable version
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\$NtServicePackUninstall$\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\ServicePackFiles\i386\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\system32\GdiPlus.dll
Version: 5.1.3102.2180
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
Version: 5.1.3102.2180
Scan Complete.

I installed the GDI patch a week or two ago, how do I get round this? :(

Bifta (and Zombini)

I think you are largely OK.

As I read the output, the active versions of the DLLs are patched - the vuln. versions are in 'uninstall' locations.

Bifta, looks like you need the patch for your Office version (from http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx) and a patch for Dreamweaver, but otherwise your system looks OK. :)

Zombini, I don't think you need to do anything.. except relax and :beer:

HTH
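
The reading given in the post above (flagged files in uninstall folders versus copies shipped with applications) can be applied mechanically to a saved scan. This is an added example, not part of the thread or of the gdiscan tool: it parses output in the format posted here and groups the flagged entries by where the file sits. The category names and path rules are assumptions made for illustration, and the sample is an excerpt of the output posted earlier in the thread.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Excerpt of scan output as posted in the thread (path line, then version line).
SAMPLE = r"""Scanning Drive C:...
C:\Program Files\Macromedia\Dreamweaver MX 2004\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL
Version: 6.0.3255.0 <-- Vulnerable version
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\system32\GdiPlus.dll
Version: 5.1.3102.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
Scan Complete.
"""

# Assumed location rules, checked in order; anything unmatched is treated as
# a copy that an installed program or the running system may actually load.
RULES = [
    ("uninstall backup", re.compile(r"\\\$Nt[^\\]*Uninstall[^\\]*\$\\", re.I)),
    ("side-by-side store", re.compile(r"\\WinSxS\\", re.I)),
    ("install source or cache",
     re.compile(r"\\(ServicePackFiles|SoftwareDistribution|dllcache|I386)\\", re.I)),
]
DEFAULT = "application or live system copy"


class Entry(NamedTuple):
    path: str
    version: str
    note: str   # text after "<--", empty when the scanner did not flag the file


def parse_scan(text: str) -> List[Entry]:
    """Pair each path line with the 'Version:' line that follows it."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
        elif line.startswith("Version:") and path:
            version, _, note = line[len("Version:"):].partition("<--")
            entries.append(Entry(path, version.strip(), note.strip()))
            path = None
    return entries


def triage(text: str) -> Dict[str, List[Entry]]:
    """Group flagged entries by location category."""
    groups: Dict[str, List[Entry]] = defaultdict(list)
    for entry in parse_scan(text):
        if not entry.note:
            continue   # not flagged by the scanner
        category = next((name for name, rx in RULES if rx.search(entry.path)), DEFAULT)
        groups[category].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for category, entries in triage(SAMPLE).items():
        print(category)
        for e in entries:
            print("   ", e.version, e.path)
```
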

iadom
01-10-2004, 19:30
Scanning Drive C:...

C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll

Version: 6.0.2900.2180

C:\WINDOWS\$NtServicePackUninstall$\sxs.dll

Version: 5.1.2600.1106 <-- Vulnerable version

C:\WINDOWS\$NtServicePackUninstall$\vgx.dll

Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)

C:\WINDOWS\$NtUninstallKB839645$\sxs.dll

Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)

C:\WINDOWS\ServicePackFiles\i386\sxs.dll

Version: 5.1.2600.2180

C:\WINDOWS\ServicePackFiles\i386\vgx.dll

Version: 6.0.2900.2180

C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\10\msft\windows\gdiplus\gdiplus.dll

Version: 5.1.3102.2180

C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sxs.dll

Version: 5.1.2600.2180

C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\vgx.dll

Version: 6.0.2900.2180

C:\WINDOWS\system32\sxs.dll

Version: 5.1.2600.2180

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll

Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll

Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll

Version: 5.1.3102.2180

Scan Complete.

Did a trouble free SP2 update two weeks ago.

Most of mine seem to be in uninstall folders.

Which if any of the patches listed do I need for the two "apparent" GDI vulnerabilities?

My AV deffiles auto updated at least five times on Tuesday alone this week, and three times since.

TheBlueRaja
01-10-2004, 19:40
Of course being sensible about what you open is a big step in protection. Just 'cos you were sent an email, doesn't mean you should open the attachments. Do you know the sender and were you expecting them to send it to you. If the answer to at least one of those questions is no, proceed with extreme caution.

Now wanting to scaremonger - but say I got a picture that I thought was funny - and didn't know contained the virus then uploaded it here in something like the Funny Pictures thread.... Now you wouldn't necessarily even know what was about to hit you would you.

Aragorn
01-10-2004, 21:26
Which if any of the patches listed do I need for the two "apparent" GDI vulnerabilities?

I don't think you need any more patches - Windows side-by-side allows .NET programs to use specific versions of DLLs (for compatibility). As you have patched the vulnerable Windows programs, they are not going to make use of the old DLLs. Check out http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconside-by-sideexecutiontop.asp if you want to read more about Windows side-by-side. If you were ultra-cautious, the two old 'side-by-side' DLLs could be moved somewhere else that Windows can't find them !

MovedGoalPosts
01-10-2004, 21:39
Now wanting to scaremonger - but say I got a picture that I thought was funny - and didn't know contained the virus then uploaded it here in something like the Funny Pictures thread.... Now you wouldn't necessarily even know what was about to hit you would you.

You got me there. But I still hope my current A/V would try and block the piccy opening, much as it blocks access to many of the virus payload email attachments (not a function of Outlook blocking it as even if I do get to the attachment it won't open)

MadGamer
01-10-2004, 21:48
Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
Version: 10.0.2625.0 <-- Possibly vulnerable (Under OfficeXP only)
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\$NtServicePackUninstall$\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll
Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1336 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\ServicePackFiles\i386\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll
Version: 5.1.3102.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
Version: 5.1.3102.2180
Scan Complete.

Aragorn
01-10-2004, 22:46
Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
Version: 10.0.2625.0 <-- Possibly vulnerable (Under OfficeXP only)
...
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
...
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll
Version: 5.1.3102.2180
....
Wayne,

If you've got Office XP you'll need the patch for that, but more worrying is the bit about ...\GDIPLUS\GDIPLUS.DLL

It looks like Windows, or you, have downloaded the patch for GDIPLUS (Software Distribution version), but hasn't moved it into place. No errors from the patch install? I would try the patch again (manual download) and if still no luck manually copy the new DLL in place of the old one (make a Windows Restore point, just in case!).

HTH

MadGamer
02-10-2004, 15:22
Wayne,

If you've got Office XP you'll need the patch for that, but more worrying is the bit about ...\GDIPLUS\GDIPLUS.DLL

It looks like Windows, or you, have downloaded the patch for GDIPLUS (Software Distribution version), but hasn't moved it into place. No errors from the patch install? I would try the patch again (manual download) and if still no luck manually copy the new DLL in place of the old one (make a Windows Restore point, just in case!).

HTH

How can I download the Office patches manually? Also, I don't get the rest.

Aragorn
02-10-2004, 21:26
Wayne,

All the patches for the GDI problem can be reached here -
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
Note - If you have your Office CD handy you only need the 'client' version of the patch, otherwise download the 'fullfile' version.
My other point was that you have two files -
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
...
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll
Version: 5.1.3102.2180

One is the original file (5.1.3097.0), the other is the patched version of the same file (5.1.3102.2180). Normally the patch should have copied the patch over the original, but it hasn't.
I would suggest downloading the WinXP patch from the location above and manually installing. Then run the GDISCAN again.

HTH and is clearer!

highlandlassie
03-10-2004, 09:11
Can someone please read my scan for me please

Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
Version: 10.0.4219.0 <-- Possibly vulnerable (Under OfficeXP only)
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180
C:\Program Files\Microsoft Works\gdiplus.dll
Version: 5.1.3079.3 <-- Vulnerable version
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\$NtServicePackUninstall$\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\ServicePackFiles\i386\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll
Version: 5.1.3102.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
Version: 5.1.3102.2180
Scan Complete.

zoombini
03-10-2004, 15:21
Zoombini, I don't think you need to do anything.. except relax and :beer:
HTH

OK, I took your advice, did nothing but get bladdered on Friday eve..lol

Aragorn
03-10-2004, 19:32
Can someone please read my scan for me please
...
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL

Version: 10.0.4219.0 <-- Possibly vulnerable (Under OfficeXP only)

...

C:\Program Files\Microsoft Works\gdiplus.dll

Version: 5.1.3079.3 <-- Vulnerable version

....


C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL

Version: 5.1.3097.0 <-- Vulnerable version

...


C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll

Version: 5.1.3102.2180

....
OK, two things of note -

1. MS say that MS Works is not vulnerable! GDIScan disagrees :Yikes:
I suggest you copy C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll over the top of the Works file.

2. I've done some more research on the C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL file. This is in a copy of the original XP disk stored on your drive (to make installing extra features easier). Again, it is safe to just copy the patched version you've just used for Works.

HTH.
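One way to read a scan like the ones posted above, as an added example that is not part of the thread or of the GDIScan tool: it pairs each path with its Version line, sorts entries by the scanner's marker, and for every "Vulnerable version" hit lists the newest unflagged copy of the same DLL found on the drive. The sample text is constructed in the scanner's output format, the Download folder name is a placeholder, and the function names are hypothetical; "unflagged" only means the scanner printed no marker for that file.

```python
import re

# Constructed sample in the scanner's output format; EXAMPLE is a placeholder folder name.
SAMPLE_SCAN = r"""Scanning Drive C:...
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL

Version: 10.0.4219.0 <-- Possibly vulnerable (Under OfficeXP only)
C:\Program Files\Microsoft Works\gdiplus.dll
Version: 5.1.3079.3 <-- Vulnerable version
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\SoftwareDistribution\Download\EXAMPLE\gdiplus.dll
Version: 5.1.3102.2180
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.2180
Scan Complete.
"""

VERSION_RE = re.compile(r"^Version:\s*([\d.]+)\s*(?:<--\s*(.+))?$")

def parse_scan(text):
    """Pair each path line with the Version line that follows it (blank lines tolerated)."""
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
        elif path and (m := VERSION_RE.match(line)):
            note = m.group(2) or ""
            status = ("vulnerable" if note.startswith("Vulnerable")
                      else "possible" if note.startswith("Possibly") else "unflagged")
            entries.append({"path": path, "name": path.rsplit("\\", 1)[-1].lower(),
                            "version": tuple(int(p) for p in m.group(1).split(".")),
                            "status": status, "note": note})
            path = None
    return entries

def triage(entries):
    """For every 'Vulnerable version' hit, return (path, newest unflagged copy of that DLL or None)."""
    newest = {}
    for e in entries:
        if e["status"] == "unflagged":
            if e["name"] not in newest or e["version"] > newest[e["name"]]["version"]:
                newest[e["name"]] = e
    return [(e["path"], newest.get(e["name"], {}).get("path"))
            for e in entries if e["status"] == "vulnerable"]

if __name__ == "__main__":
    for stale, candidate in triage(parse_scan(SAMPLE_SCAN)):
        print(f"{stale}\n  newest unflagged copy: {candidate or 'none found, get the vendor patch'}")
```

Entries marked "possible" are left out of the result on purpose: the scanner's own note (Office XP only, uninstall backup, side-by-side DLL) says when they matter.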

TheBlueRaja
03-10-2004, 19:38
OK, two things of note -

1. MS say that MS Works is not vulnerable! GDIScan disagrees :Yikes:
I suggest you copy C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll over the top of the Works file.

2. I've done some more research on the C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL file. This is in a copy of the original XP disk stored on your drive (to make installing extra features easier). Again, it is safe to just copy the patched version you've just used for Works.

HTH.

This is all due to one of the security features in Windows XP. Basically, important system files are backed up and if one is replaced incorrectly or becomes corrupted then it will automatically be overwritten with the backup IIRC.

highlandlassie
03-10-2004, 19:42
Thanks for the reply, have sent you a PM as this is way over my head :dunce:

highlandlassie
03-10-2004, 21:08
It's saying make sure file path is correct - not working

C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll

highlandlassie
03-10-2004, 21:25
It worked - but did it a different way - so looks like I am OK now. I downloaded a new gdiplus.dll, followed the instructions that were posted and am a happy camper - thanks to everyone for their help :kiss:


Scanning Drive C:...
C:\Documents and Settings\Mary\Desktop\gdiplus.dll
Version: 5.1.3102.1360
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
Version: 10.0.4219.0 <-- Possibly vulnerable (Under OfficeXP only)
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2900.2180
C:\Program Files\Microsoft Works\gdiplus.dll
Version: 5.1.3102.1360
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\$NtServicePackUninstall$\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\gdiplus.dll
Version: 5.1.3102.1360
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\ServicePackFiles\i386\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\asms\10\msft\windows\gdiplus\gdiplus.dll
Version: 5.1.3102.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\vgx.dll
Version: 6.0.2900.2180
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.2180
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
Version: 5.1.3102.2180
Scan Complete.

basa
04-10-2004, 08:34
I haven't got a copy of the test result, but on my W98SE box the only apps the test considered vulnerable were Symantec products !! :rolleyes:

TheBlueRaja
07-10-2004, 22:01
Apologies for bumping this again, but I have found a new version of GDIPLUS.DLL from Microsoft that is not vulnerable and you can use it to overwrite any version of GDIPLUS.DLL you may have that is vulnerable.

You can grab it here - http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en

This is a self-extracting exe, just unzip it to C:\Temp or whatever then copy over any vulnerable versions with that one.

Aragorn
13-10-2004, 09:20
FYI, MS have just updated the sec bulletin for MS04-028 :

* MS04-028

- http://go.microsoft.com/?linkid=1190073
- Reason for re-release: Bulletin updated to advise on the
availability of revised security updates for Office XP,
Visio 2002, and Project 2002 customers that are using Windows XP
Service Pack 2. Microsoft Knowledge Base Article 833987
documents the currently known issues that customers may
experience when installing these security updates. The article
also documents recommended solutions for these issues. Microsoft
has also released the MS04-028 Enterprise Update Scanning Tool
to help customers detect and deploy the required updates. For
more information about the MS04-028 Enterprise Update Scanning
Tool, see Microsoft Knowledge Base Article 886988. Microsoft has
also released an update for Windows 2000 based systems that have
installed the Windows Journal Viewer. The bulletin has also been
updated with a new FAQ that addresses questions regarding the
Visio 2002 Viewer, Visio 2003 Viewer, and PowerPoint 2003
Viewer programs.

AndrewJ
08-11-2004, 21:57
Scanning Drive C:...
C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\system32\dllcache\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\system32\dllcache\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
Scan Complete.


Mind you I ain't installed SP2 or most updates.... but PSP9 :dozey: I just paid out for that :rolleyes: :angel: :dozey:

Electrolyte01
10-11-2004, 09:27
Ran the scan, and got this:

Scanning Drive C:...

C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.DLL

Version: 6.0.2800.1411

C:\WINNT\system32\dllcache\vgx.dll

Version: 6.0.2800.1411

Scan Complete.

Running Windows 2000 :erm: