Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

FW: Office Viewers vulnerable to gdiplus.dll issue [sr]

from [jlawson-bugtraq] Network Security [Permanent Link]
Subject: FW: Office Viewers vulnerable to gdiplus.dll issue [sr]
Date: Fri, 24 Sep 2004 11:31:59 -0500 
Perhaps some list readers might want to be aware of the potential
vulnerability in the unsupported Microsoft Office Viewer utilities, in case
they are deployed within their networks.

Jeff

-----Original Message-----
From: Microsoft Security Response Center [mailto:secure@microsoft.com]
Sent: Friday, September 24, 2004 11:09 AM
To: Jeff Lawson
Cc: Microsoft Security Response Center
Subject: RE: Office Viewers vulnerable to gdiplus.dll issue [sr]



Jeff,

At this time, we do not offer servicing of viewers. They are not officially
supported or serviced.

Now some things are in the works and that may change in the near future.

Thanks
Scott


-----Original Message-----
From: Jeff Lawson
Sent: Thursday, September 23, 2004 5:38 PM
To: Microsoft Security Response Center
Subject: Office Viewers vulnerable to gdiplus.dll issue

I'm wondering if the MS Office Viewers need to be updated as well?  For
example in my "C:\Program Files\Microsoft Office\PowerPoint Viewer"
directory and in "C:\Program Files\Microsoft Office\OFFICE11" there is a

gdiplus.dll library with these details (version 6.0.3260.0):

06/20/2003  01:28 PM         1,777,664 GDIPLUS.DLL

I have installed the PowerPower Viewer 2003 and the Visio Viewer 2003, but
the Office Update webpage does not detect any products that need fixing.

The security bulletin makes no mention of the Office Viewers:
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
although it does mention that version 6.0.3260.0 is vulnerable.

-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • FW: Office Viewers vulnerable to gdiplus.dll issue [sr], jlawson-bugtraq <=
Previous by Date:  Re: MinorRev: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987), Reynolds, Tom
Next by Date:  Re: Inconsistencies between Windows Updates and AU/SUS, k levinson
Previous by Thread:  GDI Plus Reporting Utility, eric . brunsen
Next by Thread:  Automatically passing NTLM authentication credentials on XP, urity
Indexes:  [Date] [Thread] [Top] [All Lists]