lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FEBC66CCD411744381228574BAB53A9B9E8EF2@MAIL.fac.gatech.edu>
Date: Thu, 16 Sep 2004 09:18:32 -0400
From: "Polazzo Justin" <Justin.Polazzo@...ilities.gatech.edu>
To: <bugtraq@...urityfocus.com>, <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Subject: RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow


Let me get this straight: It really doesn't matter if the version of
Frogger I run has the older dll, to exploit the flaw you would have to
get a user to view a malformed jpeg via the Frogger app which would call
the older dll and voila! Right?

Assuming that is correct; AutoCAD, while a big app on many systems,
probably does not have the kind of market saturation a worm writer is
looking for. This exploit could be used for directed attacks against
Dreamweaver users or CAD factories, but admins should concentrate on the
IE6 and Office patches as via HTTP or MUA is the most likely dispersion
of a jpeg exploit (IM as well, but I think trillian uses the system's
dll like a good program should).

Does anyone know why .net has its own dll for viewing jpeg's? Am I
misunderstanding the exploit/flaw/ or usage of this dll?

jp

-----Original Message-----
From: Gary Warner [mailto:gar@...gar.com] 
Sent: Thursday, September 16, 2004 8:07 AM
To: Polazzo Justin; bugtraq@...urityfocus.com;
birmingham-infragard@...mingham-infragard.org
Subject: Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow

On the Microsoft security briefing webcast yesterday they said that
GDIPLUS.DLL is distributed with many applications.  Depending on how
those applications were built, simply replacing the DLL may break the
app.  They recommend applying Microsoft patches, and contacting the
vendors of any apps associated with GDIPLUS. 

The GDI+ detection tool ONLY DETECTS CURRENTLY SUPPORTED MICROSOFT
PRODUCTS.

They confirmed on the call that older versions ARE VULNERABLE but that
only CURRENT versions will be patched.  Recommendation, of course,
update to current on every version.

There was special guidance for application developers dealing with
whether the app was built in Visual Studio as a "Managed Application" or
not.  Rather than guess about that, I strongly recommend replaying the
webcast.  There's a PDF of the slides available, and the Q&A had many
revealing deteails.

 From www.microsoft.com/technet/security/
go to the Register for September Webcast link even though the meeting is
over, Register it will take you to a "View Recording" page which will
let you stream the Live Meeting Replay in Windows Media Format.
_-_
gar



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ