DANGER: GDI+/JPEG Vulnerability - Yes, Again in 2011
(Here's the utter joke)
Microsoft Security Bulletin MS04-028
Issued: September 14, 2004
Updated: December 14, 2004
Version: 3.0
(/end joke)
Today is Saturday, April 16th, 2011 and yes I am referencing a document from BACK IN 2004 !
I'm going to bet everyone reading this on the forum (bar the few who still have gdiscan.exe from SANS), has this Vulnerability again, Yes I said Again. Even though you patched up on patch Tuesday several years ago, the chances are pretty high you have this same vulnerability again, and it's again a ticking time bomb. And the sad part is there's no simple patch then, today, nor into the future.
Just a scan from my own system, and I came up with these.
C:\Program Files\Alchemy Mindworks\Pagan Daybook 3\GDIPLUS.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\CS Odessa\ConceptDraw 7 Professional\gdiplus.dll
Version: 5.1.3079.3 <-- Vulnerable version
C:\Program Files\Daniusoft\Video Converter\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\iSkysoft\FLV Converter\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Maizesoft\Maize Studio\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Pinnacle\VideoSpin\Programs\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Power CD DVD Recovery\GdiPlus.dll
Version: 5.1.3101.0 <-- Vulnerable version
C:\Program Files\TVUPlayer\GDIPLUS.DLL
Version: 6.0.3260.0 <-- Vulnerable version
As you can see some of these came from right here on GOTD / GGOTD
While, nothing sinister there, what is sinister is some of these are media related, and could have zapped me.
I have some opinion, then I will give the fix -- for now, I say for now, because who knows what happens EVERY TIME YOU INSTALL SOMETHING I GUESS WE NEED TO RESCAN?!
I post here in hopes that the software developers can be forced to get the message. And at the same time it's not an excuse to upgrade to a new version. Each of these developers ought to provide a fix, without an upgrade! This is important, as it should not be allowed to punish the users (with an upgraded, and now non-functional de-registered vaporware trial) because of their own sloppy mistakes and work!
The second thing here is the Microsoft end of the deal beginning with their lame excuse for a fix. http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Frankly at this point I would not even go to Microsoft for the fix, because god only knows what you might do to your system. Yet, We need to go there for the fix. Yeah psyop mind game I hear ya, that's what I call it too..
What We need from Microsoft is the file gdiplus.dll that's it. Go Get it. Extract it, get that file gdiplus.dll your going to copy it to each place the scanner found.
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en&pf=true
Then there's the SANS Scanner. Wonderful they pumped the tool out during all the confusion back in the day. But then for some unknown reason for a few years, it was unavailable. I mean literally a 404 error. Then suddenly today in 2011 I noticed it's back again from the twilight zone. http://isc.sans.edu/tools/gdiscan.html You want to download the GUI cause it will just make things simpler.
Okay, you have your scanner, you have the file to fix the files scanned.
You run your scanner, you rename the existing files to something else gdiplus.dll to gdiplus.dll.JUNK Pick your own named system, I don't care, delete them if you want. If you backup, then you can rollback if need be, but I don't have a need personally, so I would just delete for security sake. Then copy the new gdiplus.dll to the same directory. Rescan, Rinse, Repeat until the errors are gone.
I'm sure I'm missing something, and so you are welcome to fill in the blanks. It really is lame that I have to even take the time to bring this to people's attention, but what can I say, I just found it, what am I to do, be quiet about it, watch as my friends get zapped by it? If this thing doesn't work in your Windows 7, I don't know what to tell you to do, try setting the compatibility mode to XP, or else upgrade to WIN XP SP3 (Yeah, I am being very sarcastic.)
URL / TOOLS / RECAP
-------------------
Well laid out fix Info. Helps to understand what's happening.
http://www.lafn.org/webconnect/mentor/GdiJpegVulnerability/index.html
GDI Scan (tool) from SANS
http://isc.sans.edu/tools/gdiscan.html
Microsoft Security Bulletin MS04-028 Horribly laid out info, adds confusion.
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Platform SDK Redistributable: GDI+
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en&pf=true
In any effect, Go patch up, your welcome, enjoy! , or not. ;o)