GDI Scan

Discussion in 'other security issues & news' started by Untouchable J, Sep 25, 2004.

Thread Status:
Not open for further replies.
  1. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Devico

    Yes, I think his MS Office might be a cracked version. So will the patch work for him?

    Even if it's not cracked ... I think he might even lost it anyway.

    So advice welcome.

    :doubt:

    P/s: I will only be able to upgrade to SP2 as I still need to get the CD.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,791
    Location:
    SW. Oklahoma
    In the support info I read it said that the ofice xp patch would fix the vulnerability in xp jpeg rendering. And it seem to have . Didn't hurt. and no. No office at all. it patched the hp digital imaging software I have to stop the jpeg exploit.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    chew,

    Well then it serves him right. :D
    I think you need the CD for the full Office Service Packs.
    The patches like the one I linked to have a version that doesn't need the CD.
    But it is not the full SP.
     
  4. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Devico

    Yes, I guess I will just let him know later. His choice really.

    I will patch mine later on for the Full SP.

    :)
     
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Tried running the Office XP update and get this error:

    Nick
     

    Attached Files:

  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,791
    Location:
    SW. Oklahoma

    I did have an installed app that required the office update, the hp digital imaging app I have required it.
     
  7. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Makes sense. I will assume that, since I have SP2 and no affected third party imaging apps, I should not be vulnerable. Microsoft should provide guidance regarding what to do with the various versions of these dlls that remain on systems after patching.

    Nick
     
  8. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Yep,

    I've got exactly the same vulnerables as shown at the top of this thread.
    I am fully patched SP2 and Office Updates....but these still exist.........I'm a bit worried.
    By the way......Don't think I've ever had to use my office disks ever for an office update.

    C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
    Version: 5.1.3097.0 <-- Vulnerable version
    C:\I386\ASMS\10100\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
    Version: 5.1.3101.0 <-- Vulnerable version
    C:\WINDOWS\$NtServicePackUninstall$\vgx.dll
    Version: 6.0.2800.1106 <-- Possibly vulnerable (Win2K SP2 and SP3 w/IE6 SP1 only)
    C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
    Version: 5.1.2600.1106 <-- Possibly vulnerable (Backup for uninstall purposes)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
    Version: 5.1.3097.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
    Version: 5.1.3101.0 <-- Possibly vulnerable (Windows Side-By-Side DLL)

    I'm at a loss.

    Buck
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    53,655
    Location:
    Texas
    I am curious to see the reply.
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Excellent letter! Will MS read it? Will they understand it? Will they do something about it before it's too late?

    I'm glad we are not the only ones talking about this.
     
  12. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    In my honest opinion, this ridiculous GDI+ is just really annoying, wondering what the guys at Redmond are gonna do about this.
     
  13. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    I just ran that scanner and I have the MS Picture It 7 listed. I had tried to patch that earlier. I got caught in a loop and cannot download the patch. Same thing happened when I tried to patch MS Works 2003.

    I see that you have the Sonic Record Now dll listed as vulnerable. What do we do about something like that? I can't even ask Sonic because I have the Dell installed software so it's Dell's responsibility.

    I'm running XP Pro SP1a and have the OS patch, IE patch and Office patch. My understanding was that is all that is needed but this tool flags things like MS Picture it which I cannot install the patch for. I think the tool is not taking into consideration the fact that in XP the operating system version of the Gdiplus.dll is used unless there is side by side bypass by the vendor which is rare. Thus, since I patched the OS, IE and Office I should be ok.

    The dll in question for Sonic is indeed the MS dll so no side by side bypass and the way I read the MS bulletin, with the OS patch, Sonic will use the new, safe Gdiplus.dll for XP Pro Sp1a. I hope I'm right about that.
     
  14. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,859
    Location:
    wilds of wv
    hi
    here is the results of my scan do i need to get office update too?
     
    Last edited: Sep 29, 2004
  15. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  16. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,859
    Location:
    wilds of wv
    thank you nick,going to go read it now
    rita
     
  17. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thank you Nick!
     
  18. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,859
    Location:
    wilds of wv
    important question-when i download the office update--when it ask where to put it what should i type in?
    rita
     
  19. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Ritaann,

    Just go to OfficeUpdate and it will scan and install updates from there. You will need to use IE.
     
  20. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,859
    Location:
    wilds of wv
    hi devinco
    i did just now and it says have to have ie 6 which i do or to turn off the firewall which i did but it still wont work--wonder why?thanks
    rita
     
  21. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
  22. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,859
    Location:
    wilds of wv
    how do i do that :oops:
    rita
     
  23. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,700
    Location:
    scotland
    In internet explorer you click - tools - internet options - security and then u will see trusted site, u click on that and then add this web address to the list then click ok. http://office.microsoft.com


    THE MUL
     
  24. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I know Ronjor would have an excellent link for the procedure, but basically you double click the little globe next to the word Internet in the lower right corner of IE. This brings up the Internet Security Properties window Click on the icon for Trusted sites. Then click the Sites... button.
    Type in http://office.microsoft.com in the text field.
    Uncheck the require server verification check box.
    Click Add, OK, OK

    :D The Mul, you beat me by 10 seconds! :D
     
  25. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,859
    Location:
    wilds of wv
    hi Mul and devinco
    I done it and it still wont do it??thanks anyway for helping me,appreciate it--will keep trying
    rita

    hey ,this time it worked for some reason but checked and said i didnt need any updates--so how do i fix the things that was on the GDIS scan?--thanks
     
    Last edited: Sep 29, 2004
Thread Status:
Not open for further replies.