|
Important: Windows JPEG vulnerability (merged)
Folks, there's a potentially
very nasty problem with the way in which Windows displays jpeg images, which means that a machine could be vulnerable when viewing images on the web or when your e-mail program displays images contained in messages. As far as I know the problem is a proof of concept, but it's a fair bet that someone will find a use for it soon. The most common software to be affected is Windows XP (with or without Service Pack 1), Internet Explorer 6 SP1 and Office XP SP3 or 2003. If you run any of these, you should take a look at Microsoft advice on jpg vulnerability It also affects many other Microsoft products, such as Publisher, Visio, Visual C++ etc. so if you run other Microsoft software you should check the full list here. Windows XP SP2 is not affected; however, it is possible to have multiple versions of the vulnerable library, so I think all affected products need to be patched individually (i.e. Windows XP SP2 users do still need to update Office). The MS link should provide the info you need. |
Hiya Evo,
Great link, thank you. SP2 OK but the old office 2003 needed upgrading. Cheers Mike |
EVO - may I recommend this as a sticky for a few weeks?
FJJP |
Important: Windows JPEG vulnerability (merged)
From Slashdot... http://it.slashdot.org/article.pl?si...&tid=109&tid=1
"Tom Liston, the guy that brought us the LaBrea Tarpit, wrote an open letter to Microsoft regarding the GDI JPEG vulnerability, and Microsoft's scanning tool for this vulnerability, which he calls 'worse then useless'. Tom, who wrote his own scanning tool, ends his letter with 'Please stop treating your customers like idiots and give us information; information that we can use.' Like Tom explains, the official Microsoft scanning tool misses a lot of vulnerable DLL's installed by third parties, and Microsoft fails to explain if these libraries are a problem or not." Open letter at http://isc.sans.org/diary.php?date=2004-09-26 Download GDISCAN at http://isc.sans.org/gdiscan.php NOTE: In the results - "Ignore files in directories like Windows\$NtUniinstallKBxxxxx\ and Windows\WinSxS. These are old versions left behind for uninstall purposes." All clear this end. |
As expected, this is now active and in the wild - and it seems rather nasty too. It's making an appearance via a spam email directing you to a website for 'more information'.
As for the slashdot story, good tool maybe - but what an awful 'open letter'! Including an irrelevant story about your childhood that comprises half the letter seems guaranteed to make Microsoft ignore it... edit: actually, it is a very useful tool. Despite doing everything that Microsoft said, Scanning Drive C:... <snip> C:\Program Files\Mindjet\MindManager 5\sys\shell\gdiplus.dll Version: 5.1.3097.0 <-- Vulnerable version C:\Program Files\Mindjet\MindManager 5\gdiplus.dll Version: 5.1.3097.0 <-- Vulnerable version C:\Program Files\Mindjet\MindManager 5 Viewer\gdiplus.dll Version: 5.1.3097.0 <-- Vulnerable version <snip> Scan Complete. Oh b*gger, there's more on another computer. Anybody have any idea what these two are? C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL Version: 5.1.3097.0 <-- Vulnerable version C:\I386\SXS.DLL Version: 5.1.2600.1106 <-- Vulnerable version |
| All times are GMT. The time now is 12:26. |
Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.