Bugtraq: Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow

[Gary Warner <gar () askgar com>]

On the Microsoft security briefing webcast yesterday they said that 
GDIPLUS.DLL is distributed with many applications.  Depending on how 
those applications were built, simply replacing the DLL may break the 
app.  They recommend applying Microsoft patches, and contacting the 
vendors of any apps associated with GDIPLUS. 

The GDI+ detection tool ONLY DETECTS CURRENTLY SUPPORTED MICROSOFT PRODUCTS.

They confirmed on the call that older versions ARE VULNERABLE but that 
only CURRENT versions will be patched.  Recommendation, of course, 
update to current on every version.
There was special guidance for application developers dealing with 
whether the app was built in Visual Studio as a "Managed Application" or 
not.  Rather than guess about that, I strongly recommend replaying the 
webcast.  There's a PDF of the slides available, and the Q&A had many 
revealing deteails.
From www.microsoft.com/technet/security/
go to the Register for September Webcast link
even though the meeting is over, Register
it will take you to a "View Recording" page which will let you stream 
the Live Meeting Replay in Windows Media Format.
_-_
gar