Old 12-19-2004, 03:04 PM  
Elli
Reach for those stars!
 
Join Date: Apr 2003
Location: Vancouver, BC
Posts: 17,991
New XP patch: JPG exploit! Yikes!

http://www.microsoft.com/technet/sec.../MS04-028.mspx

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Issued: September 14, 2004
Updated: December 14, 2004
Version: 3.0
Summary

Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components.

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: None

Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information.

Microsoft Knowledge Base Article 833987 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 833987 or the FAQ section of this security bulletin.

Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the update (KB833987)
• Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update (KB833987)
• Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update (KB833987)
• Microsoft Windows Server™ 2003 - Download the update (KB833987)
• Microsoft Windows Server 2003 64-Bit Edition - Download the update (KB833987)
• Microsoft Office XP Service Pack 3 - Download the update (KB832332)

Microsoft Office XP Service Pack 2 - Download the administrative update (KB832332)

Microsoft Office XP Software:

• Outlook® 2002
• Word 2002
• Excel 2002
• PowerPoint® 2002
• FrontPage® 2002
• Publisher 2002
• Access 2002
• Microsoft Office 2003 - Download the update (KB838905)

Microsoft Office 2003 Software:

• Outlook® 2003
• Word 2003
• Excel 2003
• PowerPoint® 2003
• FrontPage® 2003
• Publisher 2003
• Access 2003
• InfoPath™ 2003
• OneNote™ 2003
• Microsoft Project 2002 (all versions) and Microsoft Project 2002 Service Pack 1 (all versions) - Download the update (KB831931)
• Microsoft Project 2003 (all versions) - Download the update (KB838344)
• Microsoft Visio 2002 Service Pack 1 (all versions) and Microsoft Visio 2002 Service Pack 2 (all versions) - Download the update (KB831932)
• Microsoft Visio 2003 (all versions) - Download the update (KB838345)
• Microsoft Visual Studio .NET 2002 - Download the update (KB830348)

Microsoft Visual Studio .NET 2002 Software:

• Visual Basic .NET Standard 2002
• Visual C# .NET Standard 2002
• Visual C++ .NET Standard 2002
• Microsoft Visual Studio .NET 2003 - Download the update (KB830348)

Microsoft Visual Studio .NET 2003 Software:

• Visual Basic .NET Standard 2003
• Visual C# .NET Standard 2003
• Visual C++ .NET Standard 2003
• Visual J# .NET Standard 2003
• Microsoft Visual FoxPro 8.0 - Download the update (KB887684)
• Microsoft Visual FoxPro 8.0 Runtime Library - Download the update (KB887685)
• The Microsoft .NET Framework version 1.0 SDK Service Pack 2 - Download the update (KB830348) or Download the Microsoft .NET Framework version 1.0 Service Pack 3 (KB867461)
• Microsoft Picture It!® 2002 (all versions) - Download the update
• Microsoft Greetings 2002 - Download the update
• Microsoft Picture It! version 7.0 (all versions) - Download the update
• Microsoft Digital Image Pro version 7.0 - Download the update
• Microsoft Picture It! version 9 (all versions, including Picture It! Library) - Download the update
• Microsoft Digital Image Pro version 9 - Download the update
• Microsoft Digital Image Suite version 9 - Download the update
• Microsoft Producer for Microsoft Office PowerPoint (all versions) - Download the update
• Microsoft Platform SDK Redistributable: GDI+ - Download the update

Office Users Note: Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However, the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section. Office 2003 Service Pack 1, Visio 2003 Service Pack 1, and Project 2003 Service Pack 1 contain an updated version of the affected component and are not affected. Customers that have installed these service packs do not need to install the available security updates for these products. We recommend that customers who are using the Visio 2002 Viewer, Visio 2003 Viewer, or PowerPoint 2003 Viewer programs read the following FAQs for more information about these programs.

MSN 9 Users Note: MSN 9 distributes Picture It! Express version 9 and Picture It! Library. You have the option to install these programs when you install MSN 9. You should install the Picture It! version 9 update only if you installed Picture It! Express version 9 or Picture It! Library when you installed MSN 9.

Affected Components:

• Internet Explorer 6 Service Pack 1 - Download the update (KB833989)
• The Microsoft .NET Framework version 1.0 Service Pack 2 - Download the update (KB830348) or Download the Microsoft .NET Framework version 1.0 Service Pack 3 (KB867461)
• The Microsoft .NET Framework version 1.1 - Download the update (KB830348) or Download the Microsoft .NET Framework version 1.1 Service Pack 1 (KB867460)
• Windows Journal Viewer - Download the update (KB886179)

Non-Affected Software:

• Microsoft Windows NT Server 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 2
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
• Microsoft Office 2003 Service Pack 1
• Microsoft Office 2000
• Microsoft Visio 2003 Service Pack 1
• Microsoft Visio 2000
• Microsoft Project 2003 Service Pack 1
• Microsoft Project 2000
• Microsoft Digital Image Suite 10, Microsoft Digital Image Pro 10, Picture It! Premium 10
• The Microsoft .NET Framework version 1.1 SDK
• Microsoft Works (all versions)
• Microsoft Systems Management Server (all versions)
• Microsoft SQL Server Reporting Services
• Microsoft Broadband Networking

Non-Affected Components:

• Internet Explorer 5.01 Service Pack 3 on Windows 2000 Service Pack 3
• Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
• Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition
• The Microsoft .NET Framework version 1.0 Service Pack 3
• The Microsoft .NET Framework version 1.1 Service Pack 1
• The Microsoft .NET Framework version 1.1 Service Pack 1 for Windows Server 2003

Note: The non-affected versions of Windows do not natively contain the vulnerable component. However, the vulnerable component is installed on these non-affected operating systems when you install any of the software programs or components that are listed in the Affected Software and Affected Components sections of this bulletin. See the FAQ section of this bulletin for more information.

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.