Solved

New JPEG Vulnerability - what about older versions of Office?

Posted on 2004-09-24
12
262 Views
Last Modified: 2010-04-11
Hi.  I see from the media that the new M$ JPEG vulnerability is said to apply to Windows XP and some other recent products.

The M$ site doesn't mention any previous products being affected.

Does anyone know if Office 97 running on Windows 2000 Pro would be vulnerable to this?

Likewise, Office 97 running on Windows XP?

Thanks!
0
Comment
Question by:vknowles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +4
12 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12145223
See --> http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

The flaw exists in a generally-used (i.e. not limited to a specific app) DLL called GDIPLUS.DLL - part of the Windoze DLL Hell.

The reason they don't list older versions is they don't support the older versions. Omitting information liek that is yet another way to scare you into forking over more money for an "upgrade". My money would be on the older software being vulnerable.

Perhaps this is a time for you to consider alternatives to the expensive and bloated M$ Office suite. OpenOffice, perhaps> http://www.openoffice.org

Why not download that (or Sun's StarOffice) and give it a whirl. What do you have to lose?
0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 200 total points
ID: 12145411
If you want to know for sure whether you're vulnerable, use scanner put together by SANS at http://isc.sans.org/gdiscan.php
0
 
LVL 10

Expert Comment

by:jayca
ID: 12145523
FYI - A digital image carrying code to exploit the vulnerability is easy to spot, because the image is corrupted by the new code.

Keep i mind that before this vulnerability can take place, you will have to somehow unknowingly install the virus payload and a virus program that will extract the bad code from the image files before it can do anything.

I would contact your antivirus vendor and make sure they are addressing the searching and removal of the code extracting program.

I personally am not concerned at all as I constantly updat my definitions and never install anything from an unknown source.

http://www.cd-rw.org/news/archive/3034.cfm
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 29

Accepted Solution

by:
blue_zee earned 50 total points
ID: 12145613

Office 97 has no problems.

Full report here:

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12145625

BUT:

Windows XP is affected!!

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 12145639

You can also scan your system here for affected software:

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

Zee
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12147124
The GDISCAN from SANS is alot better than trusting windows updates. However, so fat the worse I seen this exploit do is crash the browser.

Also, it's not just the GDIPLUS.dll , also sxs.dll and i'm sure others. To answer your question if MS office 97 is afftectted, I would say yes, but to be sure I would check for updates at:

http://office.microsoft.com/en-us/officeupdate/default.aspx

and like chris stated above use the tool at:
http://isc.sans.org/gdiscan.php

You can be expecting a worm soon to be exploiting this vuln. soon. So be prepaired.

Tech-Security.com,

Jorden
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 12147512
and it's not just crash the browser - there are now exploits that execute arbitrary code - and they're being used in actual attacks in the wild
0
 
LVL 1

Author Comment

by:vknowles
ID: 12153063
Thanks, chris and Zee.

I scanned with the SANS and M$ scanners and everything was okay (having already patched IE).

Zee, I wanted to point out that M$ no longer supports Office 97 and is not issuing patches for it.

But a system running Win2K and Office 97 is safe so long as any other affected software that might be on it is patched.  That would most likely be IE, but Windows Update takes care of that.

Thanks again!
0
 
LVL 1

Author Comment

by:vknowles
ID: 12153066
Oops, I actually meant the "accepted answer" to go to chris, but I must have clicked on the other one.  Still, I think I split the points the way I meant to.
0
 
LVL 41

Expert Comment

by:graye
ID: 12153362
I see that the non-Microsoft scan tools are looking at other DLLs, namely MSO.dll, vgx.dll, and sxs.dll.

Do we have a credible source for these DLLs also being vulernable?
0
 
LVL 1

Author Comment

by:vknowles
ID: 12159368
Credible source?  Well, I sort of think of SANS as being a credible source...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month8 days, 10 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question