lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 22 Sep 2004 12:16:24 -0700 (PDT)
From: securityzone@...romedia.com (Macromedia Security Zone)
To: bugtraq@...urityfocus.com
Subject: Macromedia Products Not Affected by MS JPEG/GDIPlus Issue



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Macromedia Products Not Affected by Microsoft JPEG/GDIPlus 
Vulnerability  

Originally posted: September 20, 2004 

http://www.macromedia.com/go/security_mpsb04-07 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 

Summary: 

On September 14, 2004, Microsoft released a security 
bulletin warning that there may be wide-ranging effects on 
software that handles JPEG images. Macromedia has reviewed 
its products and found none of them to be at risk from this 
issue. 

~~~~~~~ 

Details: 

For more technical details, please visit Microsoft's 
security bulletin: 

http://www.macromedia.com/go/ms_security_MS04-028 

For users of Macromedia products, the relevant portion of 
the bulletin states: �not every program that installs this 
file is vulnerable to this issue because it may not use the 
Gdiplus.dll file to process JPEG images. However, only the 
manufacturer of that program can make that determination.� 

Although some Macromedia products do install a vulnerable 
version of gdiplus.dll, no Macromedia product uses this 
Microsoft graphics library to process JPEG images, therefore 
there is no security risk. 

In some configurations, the following Macromedia products 
may install a gdiplus.dll file; however, because these 
products do not invoke the affected JPEG routines, there 
is no security risk: 

* Contribute
* Dreamweaver
* Fireworks
* Flash
* FlashPaper
* FreeHand
* RoboSource Control
* Studio MX 

~~~~~~~ 

Revisions: 

September 15, 2004, bulletin first created. 

~~~~~~~ 

Reporting Security Issues: 

Macromedia is committed to addressing security issues 
and providing customers with information on how they 
can protect themselves. If you identify what you 
believe may be a security issue with a Macromedia 
product, please send an e-mail to secure@...romedia.com. 
We will work to appropriately address and communicate 
the issue. 

~~~~~~~ 

Receiving Security Bulletins: 

When Macromedia becomes aware of a security issue that 
we believe significantly affects our products or customers, 
we will notify customers. Typically this notification will 
be in the form of a security bulletin explaining the issue 
and the response. Macromedia customers who would like to 
receive notification of new security bulletins when they 
are released can sign up for our security notification 
service. For additional information on security issues at 
Macromedia, please visit: 

http://www.macromedia.com/security 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS OR FIXES 
PROVIDED BY MACROMEDIA IN THIS BULLETIN ARE PROVIDED "AS IS" 
WITHOUT WARRANTY OF ANY KIND. MACROMEDIA AND ITS SUPPLIERS 
DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR 
OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND 
FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY 
OF NON-INFRINGEMENT, TITLE OR QUIET ENJOYMENT. (USA ONLY) 
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, 
SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. 

IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE 
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT 
LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, 
SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS 
INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, 
BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF 
CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), 
PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. 
OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED 
OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES 
DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR 
CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION 
OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE 
OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE. 

Macromedia reserves the right, from time to time, to update 
the information in this document with current information. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Macromedia Support, Privacy, and Unsubscribe Information 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

Macromedia Support:  
http://www.macromedia.com/support/ 

Macromedia and your privacy: 
http://www.macromedia.com/help/privacy.html 

Contact Macromedia: 
Thank you for your continued interest in Macromedia products. 
If you'd rather not receive updates about events, classes, or  
products, write to newsflash@....macromedia.com and type 
'no thanks' in the Subject line. You may also change your 
communication preferences by visiting this web page: 


Macromedia, 600 Townsend St., San Francisco, California 94103

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ