ScoobyNet.com - Subaru Enthusiast Forum


GaryK 15 September 2004 09:39 AM

security risk in jpegs FFS!
 
As per title: http://news.zdnet.co.uk/0,39020330,39166677,00.htm Completely unbelievable. M$ need to pull their heads out of their arses!

Iain Young 15 September 2004 10:08 AM

So what. A bug has been found, and they've already fixed it. As long as you keep your machine up to date, you shouldn't have a problem.

angrynorth 15 September 2004 07:12 PM

...and for the millions of people who don't read tech news and don't update their systems, what do they do other than be susceptible to this flaw?

ChrisB 15 September 2004 07:30 PM


Originally Posted by Iain Young
So what. A bug has been found, and they've already fixed it. As long as you keep your machine up to date, you shouldn't have a problem.

It's not that simple.

You need to visit Windows Update and Office Update to start with. The Office XP patch needs Office XP SP3 to start with.

However, the DLL in question (GDIPlus.dll) can also be shipped with 3rd party applications for JPEG 'display' (to put it simply). How do you know which application is patched? Which application uses which DLL?

MS have previously advised developers to install the .DLL into their Program Folder and not %SystemRoot%. Best start searching your whole PC for it.

I know of cases of the scan tool telling a user the PC is vulnerable but Windows Update and Office Update not offering the patch.

Nothing in the wild yet but...
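
The whole-PC search described in the post above, as an added example that is not part of the original thread: a PowerShell inventory of every gdiplus.dll copy on local fixed drives with its file version and hash, plus which running processes have which copy loaded. The script makes no patched/unpatched judgement; the reported versions are meant to be compared against the vendor's bulletin.

```powershell
# Added example: inventory gdiplus.dll copies and the processes that loaded them.
# Run from an elevated prompt so protected folders and other users' processes
# can be read. Unreadable folders and processes are skipped silently.

$systemRoot = $env:SystemRoot

# Local fixed disks only (DriveType 3); network and removable drives are skipped.
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' }

$copies = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter 'gdiplus.dll' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric parts; the FileVersion string
            # can carry extra text and does not sort reliably.
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                FileVersion     = $ver
                # Copies outside %SystemRoot% were shipped by an application
                # and are not serviced by Windows Update.
                UnderSystemRoot = $_.FullName.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)
                Path            = $_.FullName
                SHA256          = $hash.Hash
            }
        }
}

# Which running process has which copy mapped right now.
$loaded = foreach ($p in Get-Process) {
    try {
        $p.Modules | Where-Object { $_.ModuleName -ieq 'gdiplus.dll' } |
            ForEach-Object {
                [pscustomobject]@{ Process = $p.ProcessName; Id = $p.Id; Path = $_.FileName }
            }
    } catch { }   # access denied, or the process exited mid-enumeration
}

'--- Copies on disk ---'
$copies | Sort-Object FileVersion, Path |
    Format-Table -Property FileVersion, UnderSystemRoot, Path -AutoSize
'--- Distinct versions ---'
$copies | Group-Object FileVersion | Select-Object Count, Name | Format-Table -AutoSize
'--- Loaded by running processes ---'
$loaded | Sort-Object Path, Process | Format-Table -AutoSize
```

Copies reported with `UnderSystemRoot = False` are the ones that need a fix from the application's own vendor or installer.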

SJ_Skyline 15 September 2004 08:58 PM

IIRC JPEGs have a thumbnail of themselves included in their encoding. I guess that this exploit is something to do with this and the preview pane in Explorer?

CTR 15 September 2004 09:44 PM

Just a couple of questions.

How many people here write code?
If you do, how many people write code for a product that has as many lines of code in it as Windows and associated applications have in them?
So that will be none then :D
Just in case there are any people left, how many people write code for a product where thousands if not millions of people actively look for security flaws in it?
So that will definitely be zero then :D

All the people who answered yes to the first question, can I buy your software with a guarantee of zero bugs and zero security flaws? Thought not :D

Patch has been released, it's up to people to keep their compooters patched properly.

Wasn't some other browser (think it was called Opera) having its praises sung on here, only for a load of security flaws to be found in it? :D

JackClark 16 September 2004 10:18 AM

I'm with you CTR. This style of MS bashing is a bit like complaining to your builder because a burglar managed to break into your house.


All times are GMT +1.