Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

SV: Sans GDI scan says still vulnerable after patching
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Wed, 6 Oct 2004 18:30:38 +0200

Hi Billy,

Copy your updated gdiplus.dll file and overwrite the vulnerable DLL's.
Please note that this procedure might provent third part software from
working proberly.

F:\WINDOWS\system32\dllcache\sxs.dll

See: http://support.microsoft.com/?kbid=236995

F:\WINDOWS\system32\sxs.dll

This usally occurs when third part software is installed on the system.
Their DLL's might be based upon the vulnerable version from MS. You shold
make a backup of the vulnerable DLL's and overwite them with the new patched
version. If this doesn't give any problems, with any other software you've
installed, you can always delete the backup.

Regards
Peter Kruse
http://www.csis.dk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]