In-Reply-To: <B7C2C6BA798F3C4DBDD78BEDC1F8AD5705D7D30D () nycmb01 law sullcrom com>
The machine is a Windows XP SP1 completly patched with Office 2000 SP 3 completly patched.
I don't have any kind of imaging programs installed (Photoshop, Picture It, etc)
The output from the SANS tool is:
Scanning...
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.0 <-- Vulnerable version
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable version
C:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.1515
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Vulnerable version
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47\GdiPlus.dll
Version: 5.1.3102.1360
Scan Complete.
Does anybody know what the content of the WinSxS directory under the windows installation path is?
albatross
How did you test this (and on what platform), and why do you propose
that the SANS tool is delivering more accurate results than the GDI tool
delivered by Microsoft?
I tested the SANS tool against a properly patched XP system on Friday
and found it to false positive on many of the locations it said it
wouldn't test on. Additionally, I found it to alert on MS09.dll, on an
XP system. Our understanding from Microsoft is that MS09.DLL only needs
to be updated to be fully compatible with an updated GDIPLUS.DLL in the
system directory, it is not directly vulnerable.
So, it would be good to know what you found.
Best,
Gaby
Intro
