Open Source and information security mailing list archives
 
Message-ID: <63F4E0D5A4852D4485E4768C85C8575C494B6C@u-sais-ntx01.nsa.souda.navy.mil>
Date: Thu, 16 Sep 2004 11:50:11 +0300
From: "Angelidis, Fotis(NSASOUDABAY)" <AngelidisF@....souda.navy.mil>
To: "'Polazzo Justin'" <Justin.Polazzo@...ilities.gatech.edu>,
	bugtraq@...urityfocus.com
Subject: RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow




-----Original Message-----
From: Polazzo Justin [mailto:Justin.Polazzo@...ilities.gatech.edu]
Sent: Wednesday, September 15, 2004 6:24 PM
To: Nick D.; bugtraq@...urityfocus.com
Subject: RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow

>Ps: ARRRgh!!
>
>P.p.s: Am I missing the all in one patch? Is the GDI+ Detection Tool
>available as download? Will the GDI detection tool search through non-ms
>sw?

Actually the GDI+ Detection Tool comes before the actual update takes place
in Windows Update. If you visit windowsupdate.com and select the patch for
downloading, the tool is being downloaded first and if it finds any
vulnerable versions of the file, it downloads the updates respectively.

I cannot guarantee that it will search through non-ms software though,
however I'm not sure if the specific vulnerability affects non-ms products
in the first place. To the best of my knowledge it has to do with the JPEG
parsing engine in certain Microsoft products which are mentioned in the
advisory page :)

