New JPEG Vulnerability - what about older versions of Office?

Hi.  I see from the media that the new M$ JPEG vulnerability is said to apply to Windows XP and some other recent products.

The M$ site doesn't mention any previous products being affected.

Does anyone know if Office 97 running on Windows 2000 Pro would be vulnerable to this?

Likewise, Office 97 running on Windows XP?

Who is Participating?
blue_zeeConnect With a Mentor Commented:

Office 97 has no problems.

Full report here:

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

See -->

The flaw exists in a generally-used (i.e. not limited to a specific app) DLL called GDIPLUS.DLL - part of the Windoze DLL Hell.

The reason they don't list older versions is they don't support the older versions. Omitting information liek that is yet another way to scare you into forking over more money for an "upgrade". My money would be on the older software being vulnerable.

Perhaps this is a time for you to consider alternatives to the expensive and bloated M$ Office suite. OpenOffice, perhaps>

Why not download that (or Sun's StarOffice) and give it a whirl. What do you have to lose?
chris_calabreseConnect With a Mentor Commented:
If you want to know for sure whether you're vulnerable, use scanner put together by SANS at
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

FYI - A digital image carrying code to exploit the vulnerability is easy to spot, because the image is corrupted by the new code.

Keep i mind that before this vulnerability can take place, you will have to somehow unknowingly install the virus payload and a virus program that will extract the bad code from the image files before it can do anything.

I would contact your antivirus vendor and make sure they are addressing the searching and removal of the code extracting program.

I personally am not concerned at all as I constantly updat my definitions and never install anything from an unknown source.


Windows XP is affected!!


You can also scan your system here for affected software:

The GDISCAN from SANS is alot better than trusting windows updates. However, so fat the worse I seen this exploit do is crash the browser.

Also, it's not just the GDIPLUS.dll , also sxs.dll and i'm sure others. To answer your question if MS office 97 is afftectted, I would say yes, but to be sure I would check for updates at:

and like chris stated above use the tool at:

You can be expecting a worm soon to be exploiting this vuln. soon. So be prepaired.,

and it's not just crash the browser - there are now exploits that execute arbitrary code - and they're being used in actual attacks in the wild
vknowlesAuthor Commented:
Thanks, chris and Zee.

I scanned with the SANS and M$ scanners and everything was okay (having already patched IE).

Zee, I wanted to point out that M$ no longer supports Office 97 and is not issuing patches for it.

But a system running Win2K and Office 97 is safe so long as any other affected software that might be on it is patched.  That would most likely be IE, but Windows Update takes care of that.

Thanks again!
vknowlesAuthor Commented:
Oops, I actually meant the "accepted answer" to go to chris, but I must have clicked on the other one.  Still, I think I split the points the way I meant to.
I see that the non-Microsoft scan tools are looking at other DLLs, namely MSO.dll, vgx.dll, and sxs.dll.

Do we have a credible source for these DLLs also being vulernable?
vknowlesAuthor Commented:
Credible source?  Well, I sort of think of SANS as being a credible source...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.