Let me get this straight: It really doesn't matter if the version of Frogger I run has the older dll, to exploit the flaw you would have to get a user to view a malformed jpeg via the Frogger app which would call the older dll and voila! Right? Assuming that is correct; AutoCAD, while a big app on many systems, probably does not have the kind of market saturation a worm writer is looking for. This exploit could be used for directed attacks against Dreamweaver users or CAD factories, but admins should concentrate on the IE6 and Office patches as via HTTP or MUA is the most likely dispersion of a jpeg exploit (IM as well, but I think trillian uses the system's dll like a good program should). Does anyone know why .net has its own dll for viewing jpeg's? Am I misunderstanding the exploit/flaw/ or usage of this dll? jp -----Original Message----- From: Gary Warner [mailto:gar@xxxxxxxxxx] Sent: Thursday, September 16, 2004 8:07 AM To: Polazzo Justin; bugtraq@xxxxxxxxxxxxxxxxx; birmingham-infragard@xxxxxxxxxxxxxxxxxxxxxxxx Subject: Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow On the Microsoft security briefing webcast yesterday they said that GDIPLUS.DLL is distributed with many applications. Depending on how those applications were built, simply replacing the DLL may break the app. They recommend applying Microsoft patches, and contacting the vendors of any apps associated with GDIPLUS. The GDI+ detection tool ONLY DETECTS CURRENTLY SUPPORTED MICROSOFT PRODUCTS. They confirmed on the call that older versions ARE VULNERABLE but that only CURRENT versions will be patched. Recommendation, of course, update to current on every version. There was special guidance for application developers dealing with whether the app was built in Visual Studio as a "Managed Application" or not. Rather than guess about that, I strongly recommend replaying the webcast. There's a PDF of the slides available, and the Q&A had many revealing deteails. From www.microsoft.com/technet/security/ go to the Register for September Webcast link even though the meeting is over, Register it will take you to a "View Recording" page which will let you stream the Live Meeting Replay in Windows Media Format. _-_ gar
