|
Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
Solution: Microsoft has released a security bulletin MS04-028 and fixes to address this issue in affected products. Additionally, the vendor reports that this issue is addressed in Microsoft Office 2003 Service Pack 1 for Office 2003, Microsoft Visio 2003 Service Pack 1 for Visio 2003 and Microsoft Project 2003 Service Pack 1 for Project 2003. The vendor also reports that customers that have installed MSN 9, and have chosen to install Picture It! Express version 9 and Picture It! Library, should install the Picture It! version 9 update. Customers are advised to access the referenced advisory for further information pertaining to obtaining and applying appropriate updates. Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Customers are advised to apply the appropriate fix for Microsoft Internet Explorer to the affected Avaya Platforms. Please see the referenced Avaya advisory at the following location for further details: http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=202196&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate() Microsoft has released a revision to their original advisory. Microsoft Office XP service pack 2 has been reported vulnerable to this issue. The update released for Office XP service pack 3 will patch this issue. Business Objects has issued fixes for Crystal Reports 9 and 10 and Crystal Enterprise 9 and 10. Microsoft has updated bulletin MS04-028 to include new fixes for Visual FoxPro 8.0, Visual FoxPro 8.0 Runtime Library, .NET Framework 1.0 Service Pack 2, and .NET Framework 1.1. Additionally, Windows Messenger 5.1 has been released containing a fixed version of the vulnerable library. Symantec products such as Norton SystemWorks, Norton Password Manager, and Symantec Norton Internet Security Professional do include the affected library but are not prone to this vulnerability since the library is not used to process JPEG images. Nonetheless, updated versions of the library may be obtained through LiveUpdate. Further details may be found in the attached "Symantec Completes Update of Microsoft's Graphic Device Interface Component" advisory. Microsoft Greetings 2002
Microsoft Project 2002 SP1
Microsoft Office XP SP3
Microsoft Picture It! 2002
Microsoft Digital Image Suite 9.0
Microsoft Picture It! Library
Microsoft Digital Image Pro 7.0
Microsoft Platform SDK Redistributable: GDI+
Microsoft Visual FoxPro Runtime Library 8.0
GOST 34.19-2001 Standard Implementation 1.1
Microsoft .NET Framework SDK 1.0
Microsoft Office 2003 0
Microsoft Digital Image Pro 9.0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Visual Studio .NET 2003
Microsoft Visio 2003 Professional
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Visual FoxPro 8.0
Microsoft Producer for Microsoft Office PowerPoint
Microsoft Project 2003
Microsoft Visio 2002 Professional SP2
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home
Microsoft Visual Studio .NET 2002
Microsoft Windows XP Home SP1
Microsoft Office XP SP2
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Internet Explorer 6.0 SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows XP 64-bit Edition Version 2003
GOST 34.19-2001 Standard Implementation 1.0 SP2
Microsoft Windows XP 64-bit Edition
Microsoft Visio 2002 Standard SP2
Microsoft .NET Framework SDK 1.0 SP1
Microsoft Visio 2003 Standard
Microsoft Picture It! 9.0
Microsoft .NET Framework SDK 1.0 SP2
Microsoft Windows XP Professional
Microsoft Picture It! 7.0
Microsoft Windows XP Professional SP1
Microsoft Windows Messenger 5.0
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Business Objects Crystal Reports 10.0
Business Objects Crystal Enterprise 10.0
|
|
|
Privacy Statement |
