Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Microsoft's GDI Detetection Tool faults

from [the rxmr] Network Security [Permanent Link]
Subject: Re: Microsoft's GDI Detetection Tool faults
Date: Tue, 28 Sep 2004 13:58:24 -0500 
On 27 Sep 2004 17:46:24 -0000, albatross@tim.it <albatross@tim.it> wrote:

In-Reply-To: 
<B7C2C6BA798F3C4DBDD78BEDC1F8AD5705D7D30D@nycmb01.law.sullcrom.com>

The machine is a Windows XP SP1 completly patched with Office 2000 SP 3 
completly patched.

I don't have any kind of imaging programs installed (Photoshop, Picture It, 
etc)

The output from the SANS tool is:

Scanning...

C:\WINDOWS\$NtServicePackUninstall$\sxs.dll

   Version: 5.1.2600.0 <-- Vulnerable version

C:\WINDOWS\$NtUninstallKB839645$\sxs.dll

   Version: 5.1.2600.1106 <-- Vulnerable version

C:\WINDOWS\ServicePackFiles\i386\sxs.dll

   Version: 5.1.2600.1106 <-- Vulnerable version

C:\WINDOWS\system32\sxs.dll

   Version: 5.1.2600.1515

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll

   Version: 5.1.3097.0 <-- Vulnerable version

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll

   Version: 5.1.3101.0 <-- Vulnerable version

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47\GdiPlus.dll

   Version: 5.1.3102.1360

Scan Complete.

Does anybody know what the content of the WinSxS directory under the windows 
installation path is?

albatross





How did you test this (and on what platform), and why do you propose



that the SANS tool is delivering more accurate results than the GDI tool



delivered by Microsoft?







I tested the SANS tool against a properly patched XP system on Friday



and found it to false positive on many of the locations it said it



wouldn't test on.  Additionally, I found it to alert on MS09.dll, on an



XP system.  Our understanding from Microsoft is that MS09.DLL only needs



to be updated to be fully compatible with an updated GDIPLUS.DLL in the



system directory, it is not directly vulnerable.







So, it would be good to know what you found.







Best,







Gaby










From an earlier discussion on Bugtraq:


http://lists.sans.org/pipermail/list/2004-September/062106.html


From the page:


"from what I understand the WinSxS folder is a housing area for
shared .dll's to eliminate dll hell."

Here's a couple more links:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sbscs/setup/assembly_searching_sequence.asp

http://www.google.com/search?as_q=&num=10&hl=en&ie=UTF-8&btnG=Google+Search&as_epq=WinSxS&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_nlo=&as_nhi=&as_occt=any&as_dt=i&as_sitesearch=&safe=images

-- 
AH-TAH-HA-NE DI BAH-HAS-TKIH HANE-AL-NEH
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Code execution in Icecast 2.0.1, Luigi Auriemma
Next by Date:  Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Marco S Hyman
Previous by Thread:  Re: Microsoft's GDI Detetection Tool faults, albatross
Next by Thread:  RE: Microsoft's GDI Detetection Tool faults, Scott Jacobson
Indexes:  [Date] [Thread] [Top] [All Lists]