Blue Event Horizon <invalid@nospamneeded.com>:
I run w98se + msie55sp2 (+ some fragments of MSO 2000). Products
which msft did not list in that bulletin for special patch needs.
Same time, I do have a handful of freeware progs which use the
gdiplus.dll.
My initial Gdiscan output:
D:\APPS\zbin\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 5.0.3014.1003 <-- Possibly vulnerable
(Win2K SP2 and SP3 w/IE6 SP1 only)
D:\wcoa\system\shared\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
I've now replaced gdiplus.dll in my shared folder.
OLD
gdiplus.dll 5.1.3097.0 (xpclient.010817-1148)
NEW
gdiplus.dll 5.1.3102.1360 (xpsp2.040109-1800)
direct download (extractable file containing gdiplus.dll):
http://download.microsoft.com/downlo...iplus_dnld.exe
description:
http://www.microsoft.com/downloads/d...displaylang=en
<quoted>
Platform SDK Redistributable: GDI+
File Name: gdiplus_dnld.exe // contents - gdiplus.dll & readmes
Download Size: 1017 KB
Date Published: 9/14/2004
Version: 3102.1360
Supported Operating Systems:
Windows 2000, Windows 98, Windows ME, Windows NT, Windows XP
Instructions
1. Download the file by clicking on its link.
2. Install the packaged content by running the self-extracting
executable file. This will create a directory structure containing
the redistributable files. You have control over the installation
location.
</quoted>
As your post basically indicated, there's apparently a messy assortment
of pathways and hassles involved for updating diverse commercial MSFT
products, particularly some of its later MS Office items. Since none
of that applies to my system, I did not try to read through there.
Concerning the gdiplus.dll in the <gdiplus_dnld.exe> download, below
are the primary excerpts from the included redist.txt file (addressed
to developers who are redistributing this DLL with their app).
| You may distribute gdiplus.dll solely for use with Windows 2000,
| Windows Millennium Edition, Windows NT 4.0 and Windows 98.
|
| For Windows XP use the system-supplied gdiplus.dll. Do not install
| a new gdiplus.dll over the system-supplied version (it will fail due
| to Windows File Protection).
|
| For Windows 2000, Windows Millennium Edition, Windows NT 4.0 and
| Windows 98, install gdiplus.dll into the private directory of the
| application not into the system directory.
On my system (w98 w/o all those MSO apps), and this is only my personal
preference (!not advice), I have my freeware progs all share that same
file, from a common directory. Additionally, I've made the choice to go
ahead now and update that shared gdiplus.dll that they will use, to the
later one.
(If it one day comes to pass that I get a complaint from one of the progs
which have the gdiplus dependency - which could, say, lead to discovery
that the prog was written to only work with the earlier version of the DLL,
I'd then of course modify my arrangements.)
I did a quick launch just now, after my gdiplus.dll update, to see if any
concerned parties had complaints.
TrackerV3
HandySnap
Rainmeter
While it was only a brief launch, not a work-out through all functions,
I have the impression everyone in that group is fine with things.
These are not the only freeware progs I've installed which require that
DLL. For this post, to gather a list of names, the fastest means I could
think to get a report on that was by doing a drive search with gdiplus.dll
in the containing text: field. That technique doesn't catch everybody, but
catches some. Below is a list of results, from my archives drive.
PIXresizer
XILG, XML Image List
Websmill
Documentor
Those in the list above are programs I've decisively chosen not to use,
for various reasons. But I figure it could be of possible use that I list
their names here. At least, for the sake of backing up an observation:
It is that an increasing number of programs are written to use gdiplus.dll.
As to the basic question? Was I even vulnerable where I even needed this
update? Well, I decided not to spend time on web searches in search of
getting that clarified. To be honest, I barely even glanced at the
security papers. (It's in my habits to update common libraries, so that
was adequate motive for me to change to the new gdiplus.dll.)
For anyone who scrolled past this whole post, and might feel in the mood
to simply go straight to the update, without doing lots of reading, or has
previously read on the subject, I'll repeat the direct download link:
http://download.microsoft.com/downlo...iplus_dnld.exe
--
Karen S.
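
Added example, not part of the original post: a small parser for scanner output laid out like the Gdiscan excerpt quoted above, which lists privately installed gdiplus.dll copies older than a chosen baseline. The function names are hypothetical, the line layout is assumed from the two entries in the post, and the default baseline is simply the version the post installed, not an authoritative fixed-version threshold.

```python
import re

# Constructed sample: the two entries quoted in the post, in the same layout.
SAMPLE = r"""D:\APPS\zbin\Common Files\Microsoft Shared\VGX\vgx.dll
Version: 5.0.3014.1003 <-- Possibly vulnerable
(Win2K SP2 and SP3 w/IE6 SP1 only)
D:\wcoa\system\shared\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
"""

VERSION_LINE = re.compile(r"^Version:\s*(\d+(?:\.\d+)*)\s*(?:<--\s*(.+))?$")

def parse_scan(text):
    """Return one dict per file: path, version tuple, verdict, note."""
    records, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = VERSION_LINE.match(line)
        if m and path:
            records.append({"path": path,
                            "version": tuple(int(p) for p in m.group(1).split(".")),
                            "verdict": (m.group(2) or "").strip(),
                            "note": ""})
            path = None
        elif line.startswith("(") and line.endswith(")") and records and path is None:
            # Parenthesised qualifier belongs to the entry just recorded.
            records[-1]["note"] = line[1:-1]
        else:
            path = line
    return records

def older_than(record, baseline):
    """Compare field by field as integers; string comparison misorders 999 vs 1360."""
    return record["version"] < tuple(int(p) for p in baseline.split("."))

def private_copies(records, dll="gdiplus.dll", baseline="5.1.3102.1360"):
    """Paths of `dll` copies older than `baseline` (assumed: the version the post installed)."""
    return [r["path"] for r in records
            if r["path"].lower().endswith("\\" + dll) and older_than(r, baseline)]

if __name__ == "__main__":
    for r in parse_scan(SAMPLE):
        print(r["path"], ".".join(map(str, r["version"])), r["verdict"], r["note"])
    print(private_copies(parse_scan(SAMPLE)))
```

Because the redistributable is installed per application, every path this returns has to be replaced individually; a system-level update does not touch those copies.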