gdiplus.dll virus vulnerability
Started by masterbrox
Subscribe to this thread


Rate this topic
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5


5 posts in this topic
Thread Modes
masterbrox
Junior Member
**


0
1 posts 1 threads Joined: Sep 2004
09-27-2004, 08:49 PM -
#1
TLB 3.1 includes a vulnerable version of the file gdiplus.dll. Potentially, someone could distribute a plugin or skin with a virus in a JPEG file. There are updated versions of the gdiplus.dll file, but it needs to be included in TBL.

http://www.microsoft.com/technet/securit...4-028.mspx

http://isc.sans.org/gdiscan.php
Reply
rothlis
Junior Member
**


0
7 posts 0 threads Joined: Sep 2004
09-28-2004, 02:10 AM -
#2
That's interesting... I'm running 3.1 and gdiscan doesn't report any such DLL as part of TLB. I wonder if it came with one of the plugins?
Reply
Yuri Kobets
Posting Freak
*****


10
6,208 posts 429 threads Joined: Jan 2002
09-28-2004, 05:19 AM -
#3
TLB Clock is the only plugin that uses gdiplus.dll
Thank you for note.
Reply
The TORDEX Team
http://www.tordex.com
Guest
Guest


 
09-29-2004, 04:22 AM -
#4
Hi

just for your info the drivespace plugin uses gdiplus.dll to.

cu jens
Reply
Yuri Kobets
Posting Freak
*****


10
6,208 posts 429 threads Joined: Jan 2002
09-29-2004, 10:01 AM -
#5
jens you need update for Drive Space. The last version do not use gdiplus.

Also note if you download updated gdiplus.dll from microsoft the old version will not be installed.
Reply
The TORDEX Team
http://www.tordex.com


Forum Jump:


Users browsing this thread: 1 Guest(s)