|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
From: Drews, Jane E (jane-drews
UIOWA.EDU)
Date: Fri Oct 01 2004 - 09:55:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>Using the SANS GDI detection tool, it located vulnerable gdiplus.dll
files in other folders not mentioned on websites -
> Version: 5.1.3097.0 <-- Vulnerable version C:\Program
Files\WS_FTP Pro\gdiplus.dll
We talked to Ipswitch about versions 9.0 and 9.01 of WS-FTP Pro, which
were detected by the GDI tool as vulnerable. (Version 7.62 was not
detected as vulnerable.) Ipswitch technical support responded that
their testing indicated WS-FTP Pro is not vulnerable.
We also had Dreamweaver reported by the tool as vulnerable. Macromedia
responded to our inquiry that it's not. See
http://www.macromedia.com/devnet/security/security_zone/mpsb04-07.html
Jane Drews
Univ of Iowa
--
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
--
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]