Btw is it just me or does this only work in IE a not Firefox.Quote:
The button is greyed out in FF.
Printable View
Btw is it just me or does this only work in IE a not Firefox.Quote:
The button is greyed out in FF.
It uses ActiveX to run code locally on your machine, so it requires IE.
And the first exploits are well under way, according to this:
http://www.theinquirer.net/?article=18585
WinXP users should seriously consider upgrading to SP2 IMO, enad everytone else should get patched. I think this is going to be a big one when it hits :(
For those paranoid folk there a GDI Scan tool thats been produced for scanning all your applications to check if any are vulnerable ;)
Quote:
gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and Looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll.
The scan starts upon execution. It will signal completion of scan in text box with "Done."
Vulnerable versions of the .dll files are listed in RED.
The path where a vulnerable .dll file is found is important. Remember that dlls are loaded in the following order (note: this is a VAST simplification):
The directory from which the application loaded.
The (application's) current directory.
Windows 95/98: The Windows system directory (default: C:\Windows\system)
Windows NT+: The 32-bit Windows system directory (default: C:\WinNT\System32)
Windows NT+: The 16-bit Windows system directory (default: C:\WinNT\System)
The Windows directory (default: C:\WinNT or C:\Windows)
The directories that are listed in the PATH environment variable
some more reading here
http://www.crn.com/showArticle.jhtml?articleID=47902683
My suspicion is that MS added the code to allow backdoors into JPEG's to satisfy the DOJ's assault on pedophiles. That is purely a guess.
Concerningmaybe this has been said already, but I am finally realizing that the above page is a diagnostic tool to tell you if you need the GDI+ security update. If Step 3 indicates no further action is needed, then so be it. If step 3 says you need the GDI+ security update, you will get instructions where to get it.Quote:
http://www.microsoft.com/security/bulletins/200409_jpeg_tool.mspx
Since Windows Update offered this website to me, I assumed it was the GDI+ security fix, itself, which it isn't.
Vernon Frazee--So what are those who are not offered the GDI+ security update (since they do not run Office components) to do about the vulnerability in IE?
Or MS Works which also does not have a patch either :rolleyes:
According to the Internet Storm Center at the SANS Institute, computers with updated versions of anti-virus software should be protected also.
Hackers Target Microsoft's JPEG Flaw
http://www.kansascity.com/mld/kansas...9784184.htm?1c
From this one, until someone else creates another exploit for the same vuln and gets it out widely before the AV vendors catch up.Quote:
Originally posted by DuaneB
According to the Internet Storm Center at the SANS Institute, computers with updated versions of anti-virus software should be protected also.
Antivirus software is a nice safety net, but it really can't be relied on as an alternative to patching.
GDI+ JPEG Vulnerability: Info/FAQ/Fix
http://discussions.virtualdr.com/sho...hreadid=173993
Vernon Frazee--Thanks for the very informative references.
I have run the gdiscan and found five "vulnerable" versions of gdiplus.dll, two of which were in Microsoft files
C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\I386\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
The new version from the SDK download is
5.1.3102.1360
Has anybody here actually replaced the "vulnerable" version with the new version? Systems still work? Always nice to learn from someone else's experience.
Just had the GDI scan note vulnerabilities in Works 7 and NSW2004 as below and replaced both with the patched version and all seems to be working.
Quote:
C:\Program Files\Microsoft Works\gdiplus.dll
Version: 5.1.3079.3 <-- Vulnerable version [Works v 7]
C:\Program Files\Norton SystemWorks\Password Manager\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version [ NSW 2004]
C:\Program Files\Symantec\Web Tools\GDIPlus.dll
Version: 5.1.3097.0 <-- Vulnerable version [NSW 2004]