Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Updated GDI+ merge module
Message
 
À
27/09/2004 15:50:46
Dragan Nedeljkovich (En ligne)
Now officially retired
Zrenjanin, Serbia
Information générale
Forum:
Visual FoxPro
Catégorie:
InstallShield
Titre:
Re: Updated GDI+ merge module
Divers
Thread ID:
00946109
Message ID:
00946559
Vues:
19
>>We are bombarded with critical warnings about the GDI+ buffer overrun exploit but the response from Installshield and MS is somewhat underwhelming if one wants the logical solution for distribs, i.e. a new MSM build.
>>
>>I have downloaded a new build of GDIplus.dll (5.1.3102.1360) from http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx so what's the go now?
>
>Fox is not mentioned on that page... don't know whether we should worry at all :).
>

Dragan

'Our' build, i.e. the one installed with VFP8 and the one in the MSM that accompanies VFP8, is 5.1.3097.0 which is branded as insecure on the MS security bulletin site.

Yes, we should worry about it! As I said in my full post, it may not be the case that an app is expected to encounter one of the 'carefully crafted' JPGs that allegedly make the exploit work, but in my experience system administrators don't want to know that stuff anyway. When they look for someone to blame after a security lapse, I want to plausibly claim my app is squeaky clean.

John Burton :)
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform