| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: PerrymonJ at bek.com (Perrymon, Josh L.) Subject: SANS GDIscan I get the same thing. I see a lot of indifferences with the locations of the .DLL -- Also patched systems from M$ update and SMS patch pushes and still get vulnerable .DLLs using the Scanner from SANS? Does the M$ patch really fix this issue? I'm going to take a patched box and run some exploits on it in the lab to see the results. JP -----Original Message----- From: bashis [mailto:mcw@....se] Sent: Sunday, September 26, 2004 10:34 AM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] SANS GDIscan Hi I tested [1] 'gdiscan' from SANS, and this tool reports vulnerable DLL's after installing all availible patches from M$.. WinXP Pro SP1 C:\WINDOWS\system32\gdiplus.dll Version: 5.1.3097.0 <-- Vulnerable version Win2k Server SP4 C:\Program Files\Common Files\Microsoft Shared\Ink\gdiplus.dll Version: 5.1.3097.0 <-- Vulnerable version [1] http://isc.sans.org/gdiscan.php Have a nice day /bashis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists