Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Updated GDI+ merge module
Message
 
To
27/09/2004 15:50:46
Dragan Nedeljkovich (Online)
Now officially retired
Zrenjanin, Serbia
General information
Forum:
Visual FoxPro
Category:
InstallShield
Title:
Re: Updated GDI+ merge module
Miscellaneous
Thread ID:
00946109
Message ID:
00946559
Views:
20
>>We are bombarded with critical warnings about the GDI+ buffer overrun exploit but the response from Installshield and MS is somewhat underwhelming if one wants the logical solution for distribs, i.e. a new MSM build.
>>
>>I have downloaded a new build of GDIplus.dll (5.1.3102.1360) from http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx so what's the go now?
>
>Fox is not mentioned on that page... don't know whether we should worry at all :).
>

Dragan

'Our' build, i.e. the one installed with VFP8 and the one in the MSM that accompanies VFP8, is 5.1.3097.0 which is branded as insecure on the MS security bulletin site.

Yes, we should worry about it! As I said in my full post, it may not be the case that an app is expected to encounter one of the 'carefully crafted' JPGs that allegedly make the exploit work, but in my experience system administrators don't want to know that stuff anyway. When they look for someone to blame after a security lapse, I want to plausibly claim my app is squeaky clean.

John Burton :)
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform