Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability

Solution:
Microsoft has released security bulletin MS04-028 and fixes to address this issue in affected products. Additionally, the vendor reports that this issue is addressed in Microsoft Office 2003 Service Pack 1 for Office 2003, Microsoft Visio 2003 Service Pack 1 for Visio 2003, and Microsoft Project 2003 Service Pack 1 for Project 2003.

The vendor also reports that customers who have installed MSN 9 and have chosen to install Picture It! Express version 9 and Picture It! Library should install the Picture It! version 9 update.

Customers are advised to access the referenced advisory for further information pertaining to obtaining and applying appropriate updates.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Customers are advised to apply the appropriate fix for Microsoft Internet Explorer to the affected Avaya platforms. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=202196&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Microsoft has released a revision to its original advisory. Microsoft Office XP Service Pack 2 has been reported vulnerable to this issue. The update released for Office XP Service Pack 3 will patch this issue.

Business Objects has issued fixes for Crystal Reports 9 and 10 and Crystal Enterprise 9 and 10.

Microsoft has updated bulletin MS04-028 to include new fixes for Visual FoxPro 8.0, Visual FoxPro 8.0 Runtime Library, .NET Framework 1.0 Service Pack 2, and .NET Framework 1.1. Additionally, Windows Messenger 5.1 has been released containing a fixed version of the vulnerable library.

Symantec products such as Norton SystemWorks, Norton Password Manager, and Symantec Norton Internet Security Professional do include the affected library but are not prone to this vulnerability since the library is not used to process JPEG images. Nonetheless, updated versions of the library may be obtained through LiveUpdate. Further details may be found in the attached "Symantec Completes Update of Microsoft's Graphic Device Interface Component" advisory.


Microsoft Project 2002 SP1

Microsoft PowerPoint 2003 0

Microsoft Picture It! Library

Microsoft Digital Image Pro 7.0

Microsoft Visio 2003

Microsoft .NET Framework SDK 1.0

Microsoft Digital Image Pro 9.0

Microsoft Visual Basic .NET Standard 2002

Microsoft OneNote 2003 0

Microsoft Visual C++ .NET Standard 2002

Microsoft Visual FoxPro 8.0

Microsoft FrontPage 2003

Microsoft Visio 2002 Professional SP2

Microsoft Visual C# .NET Standard 2003

Microsoft Outlook 2002 SP3

Microsoft Word 2003

Microsoft Visual C++ .NET Standard 2003

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

Microsoft PowerPoint 2002 SP2

Microsoft Publisher 2002 SP3

Microsoft Visual J# .NET Standard 2003

Microsoft Internet Explorer 6.0 SP1

Microsoft Visio 2002 SP2

Microsoft Windows Server 2003 Standard Edition

Microsoft .NET Framework 1.0 SP2

Microsoft Visio 2002 Standard SP2

Microsoft InfoPath 2003

Microsoft Visio 2003 Standard

Microsoft Picture It! 9.0

Microsoft .NET Framework SDK 1.0 SP2

Microsoft Picture It! 7.0

Microsoft Windows XP Professional

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

Microsoft Visual C# .NET Standard 2002

Microsoft Greetings 2002

Microsoft PowerPoint 2002 SP3

Microsoft Picture It! 2002

Microsoft Office XP SP3

Microsoft Digital Image Suite 9.0

Microsoft Visual FoxPro Runtime Library 8.0

Microsoft Platform SDK Redistributable: GDI+

Microsoft .NET Framework 1.1

Microsoft Office 2003 0

Microsoft Windows XP 64-bit Edition SP1

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Excel 2003

Microsoft FrontPage 2002 SP3

Microsoft Visual Studio .NET 2003

Microsoft Outlook 2003 0

Microsoft Excel 2002 SP3

Microsoft Visual Basic .NET Standard 2003

Microsoft Visio 2003 Professional

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Word 2002 SP3

Microsoft Producer for Microsoft Office PowerPoint

Microsoft PowerPoint 2002 SP1

Microsoft Project 2003

Microsoft Windows Server 2003 Web Edition

Microsoft Visual Studio .NET 2002

Microsoft Windows XP Home

Microsoft PowerPoint 2002

Business Objects Crystal Enterprise 10.0

Business Objects Crystal Reports 10.0


 

Copyright 2010, SecurityFocus