Code to exploit Windows graphics flaw now public - Page 3

Thread: Code to exploit Windows graphics flaw now public

  1. #21
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It would be entirely possible to force a user to visit a malicious site. It's called a pop-up. We see them all the time.
    But you aren't forcing the user to visit the site that initiates the popup thus you can't _force_ the user to visit the infected site. If you have that much control over the initial site that you can make it initiate the popup then why wouldn't you just insert the jpg in the initial site. Your point doesn't seem to make sense..... Am I missing something?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #22
    Senior Member
    Join Date
    Aug 2002
    Posts
    113
    I was wondering if anyone knew of a tool like GDIScan but that did not have to be run locally. I need an enterprise solution. We are running many different versions of Office. And you all know that to ask 25,000+ users to run their own GDIScan locally is not a viable option. Even if we did have them run it locally, they would not know what to do from there.

    So I guess the bottom line is: Are there any tools out there, like LANDesk, that will help with the enterprise-wide scan?

    TIA
    Civilization. The death of dreams.

  3. #23
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Microsoft Baseline Security Analyzer V1.2.1 can help you with Windows patches, but it cannot scan Office remotely!
    -Simon "SDK"

  4. #24
    Senior Member
    Join Date
    Aug 2002
    Posts
    113
    Well, I was using baseline to check for the XP SP1 GDI patch. But you are correct, that is not capable of scanning MS Office. Since that post I have already started using Hfnetchk Pro. Awesome program, everyone working in a large scale network should check it out.

    On another note, when and if this ever hits en masse, there are going to be quite a few admins out there caught with their pants down. With so many versions of Office out there with different levels of SPs it is quite demanding to patch. But Visio and Project also have separate patches that are not covered in the Office updates. Ouch...this sucks.

    Just to let everyone know, SUS v.2 should be out early next year. It is the long anticipated follow up to v.1 that will support Office updates. Thank god.

    I have just one more question, I read on here that XP SP1 is still vuln after applying the patch (I am almost afraid to ask because the last poor soul got neg'd to death.) and that SP2 is the only way to be completely safe. Is there some article I can reference for this? It can make a big difference in whether we start pushing SP2 from our test group into the AD production groups.

    TIA
    Civilization. The death of dreams.

  5. #25
    Senior Member
    Join Date
    May 2003
    Posts
    604

    New version of GDIreporter

    There is a new version of the GDIPlus Reporting Tool. Fixes are outlined below:

    Version 1.1.3.0 - 09/29/2004
    * Fixed - UI problem where "Tabs" pane did not expand vertically when the form was expanded

    Version 1.1.2.0 - 09/29/2004
    * Fixed - bug that caused an exception when a "directory path" was too long (2nd bug of this type)

    Version 1.1.1.0 - 09/28/2004
    * Added - Right-Mouse (Context) menu to the "Search Paths", "Execution Status" and "Search Results" output panes
    * Fixed - bug that caused an exception when a "directory path" was too long

    Version 1.1.0.0 - 09/22/2004
    * Added - Ability to specify a "Machine" name and have all of the logical drives added to the "Search Paths" as "Administrative Shares"
    * Added - Link to web site from the "Help" menu
    * Changed - "Search Paths" user interface
    * Changed - "Search Paths" information can now be Copied, Printed, and Saved
    * Fixed - bug that caused an exception when a directory that the user did not have access to was encountered
    * Fixed - bug that caused an exception when an attempt to add a "Search Path" to the list was already in the list

    Version 1.0.1.0 - 09/21/2004
    * Fixed - bug where search path did not contain a full path (D: rather than D:\)

    Version 1.0.0.0 - 09/16/2004
    Initial Release - No revision history

    Homepage: http://www.dynicity.com/products/gdireporter.aspx


    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

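The remote inventory asked about in this thread can be sketched as an added example; it is not code from any poster or from the tools named above. It assumes the file of interest is `gdiplus.dll`, that the account running it can read the administrative shares, and it uses hypothetical function names, a constructed host name and a placeholder minimum version.

```powershell
# Added example: list every gdiplus.dll copy reachable through administrative shares.
# Function names and the host name below are hypothetical.

function Get-AdminSharePaths {
    param([string]$ComputerName, [string[]]$DriveLetters = @('C'))
    # Build \\HOST\C$\ style roots, always with the trailing backslash
    foreach ($d in $DriveLetters) { '\\{0}\{1}$\' -f $ComputerName, $d }
}

function Find-GdiPlusCopies {
    param(
        [Parameter(Mandatory)][string[]]$SearchPath,
        # Placeholder: take the fixed file version from the vendor bulletin
        [Parameter(Mandatory)][version]$MinimumVersion
    )
    foreach ($root in $SearchPath) {
        if (-not (Test-Path -LiteralPath $root)) {
            [pscustomobject]@{ Path = $root; Version = $null; Status = 'Unreachable' }
            continue
        }
        $errs = @()
        # Keep walking past unreadable or over-long directories; collect them in $errs
        $files = Get-ChildItem -LiteralPath $root -Filter 'gdiplus.dll' -File -Recurse -Force `
                     -ErrorAction SilentlyContinue -ErrorVariable errs
        foreach ($f in $files) {
            $vi  = $f.VersionInfo
            # Use the numeric parts; the FileVersion string can carry extra text
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            $status = if ($ver -lt $MinimumVersion) { 'BelowMinimum' } else { 'OK' }
            [pscustomobject]@{ Path = $f.FullName; Version = $ver; Status = $status }
        }
        # Report what could not be searched so a gap is not mistaken for a clean result
        foreach ($e in $errs) {
            [pscustomobject]@{ Path = $e.TargetObject; Version = $null
                               Status = 'Unreadable: ' + $e.CategoryInfo.Category }
        }
    }
}

# Usage (constructed host name; 0.0.0.0 is a placeholder that flags nothing):
# $paths = Get-AdminSharePaths 'WS-EXAMPLE-01' 'C','D'
# Find-GdiPlusCopies -SearchPath $paths -MinimumVersion '0.0.0.0' |
#     Export-Csv gdiplus-inventory.csv -NoTypeInformation
```

Each copy is reported separately because, as noted in the thread, Office, Visio and Project are patched separately from Windows.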