Results 1 to 7 of 7

Thread: How to fix the GDI+ JPEG Vulnerability

  1. #1
    Join Date
    Apr 2010
    Posts
    94

    How to fix the GDI+ JPEG Vulnerability

    Hello everyone,

    I have seen many users complaining about how to fix the GDI+ JPEG Vulnerability, so I thought that it will be better if I can provide a detailed tutorial inorder to get rid of the same. Actually, this is a GDI Scan Tutorial, that can be used for eradicating the above mentioned problem.

    For the people who d not know what this issue is, I would like to explain to them about the same in short.

    What does GDI+ JPEG Vulnerability mean??

    • An "Application Programming Interface" that helps various applications to work with graphics as well as formatted text, that is used for interactive display is called as GDI+. This is a varied technology that is used on a large scale for different purposes.
    • gdiplus.dll is a DLL that is used for the working of the above mentioned technology. A problem was discovered in this particular DLL and it was named as the GDI+ JPEG Vulnerability.
    • A wrong code was generated by this DLL while the images were processed and this ultimately led to the vulnerability.
    • A very disastrous situation that can occur because of this vulnerability is that another person who is aware how this code works can take over your system. For this, they will use a specially designed image of the extension JPEG and then, work out with the code.
    • The image that has this particular vulnerability can be used for this same purpose of taking control over the computer. It can only happen when you try to view this JPEG image.
    • So, this vulnerability can go to the extent of threatening the security of the system. It can grant another person who is controlling the image or its code directly complete rights of the system, that is Administrator Rights.

    Well, inorder to get rid of this problematic situation, an update has been released by Microsoft. This update has to be patched with whatever Windows operating system that anyone having the vulnerability is using. 2 of the updates are released, that includes the following:
    1. Windows Update
    2. Office Update

    The official site of Microsoft provides the above mentioned updates. Only after applying both these updates, the technique that I am providing can help you. So, make sure that you are having these updates patched with your system.

  2. #2
    Join Date
    Apr 2010
    Posts
    94

    Re: How to fix the GDI+ JPEG Vulnerability

    You need to go about a particular scan to fix the GDI+ JPEG Vulnerability. This scan is called as GDI Scan.

    GDI Scan:

    If the applications that are released by Microsoft is the reason for such a vulnerability, then it can be resolved with the help of the updates that I have mentioned above. But, imagine an application that is not related to Microsoft becoming a reason for this vulnerability. Well, after knowing the problems that this vulnerability can cause, hackers can use the same for getting access to any systems by creating their own third party applications, that can cause this vulnerability.

    The scan tool that is released by Microsoft can only be used for performing a GDI Scan for the Microsoft applications that are a reason for this problem. So, it is not possible for this tool for detecting any third party application, that I have mentioned above.

    For this purpose, a GDI Scan has been released for detecting the vulnerability that can be caused by any of the applications, may it be Microsoft or any third party ones. With the help of this, you can find out the applications that are vulnerable and after that upgrade the same. When the upgradation is done, the vulnerability will be removed by itself.

    The DLLs that are given below can be the reason for the GDI+ JPEG Vulnerability:
    1. gdiplus.dll
    2. sxs.dll
    3. wsxs.dll
    4. mso.dll

    Among these, the gdiplus.dll can be affected on a very large scale. If any of the above DLLs are affected, then the scan log will show them in red color. Also, the worst problem is that these DLLs cannot be found at only one place in your system. Thus, it is very difficult to find them manually.

    The scan and search will take place in the following manner:
    1. First of all, it checks for all these DLLs in the directory where this particular vulnerable program is installed.
    2. After that, it will check for directory from where it was run from.
    3. Then, the directory of the system will be scanned.
    4. Now, the vulnerabilities in the System32 directory will be checked for.
    5. The operating system will be started from the system directory and the same will be scanned. The directory of Windows will also be checked for
    6. At last, any of the directories that can have possible vulnerabilities will be scanned for.

    Thus, the operating system can be patched with the help of this method. But, a copy of the vulnerability can still be present in some part of the system.

  3. #3
    Join Date
    Apr 2010
    Posts
    94

    Re: How to fix the GDI+ JPEG Vulnerability

    How to go about using GDI Scan??

    1: First of all you need to search on the web for gdiscan.exe, that of the GUI (Graphic User Interface) version. Download the same. I have downloaded it from isc.sans.org. Also make sure that you do the download to a place in your computer that you wont forget.

    2: Next, you need to run this downloaded executable file.
    When you run this file, you will will get 3 options that can be used in this "GDI Scan" window as follows:
    • The drive that you would like to scan.
    • The Scan button.
    • The Clipboard button.


    3: Now, you have to select the particular drive that you want to scan. Only one drive can be selected at a time. After selecting the drive, you have to start the scan with the help of the Scan button.

    4: All gdiplus.dll and all other possible DLLs, that are related, along with their copies that are present in the drive that you specified will be shown as the output of the scan result.
    Remember that I have mentioned that it does not matter whether the vulnerability is caused by a Microsoft application of any third party application, all the DLLs will be shown in the result.

    5: Inorder to view the scan result, you have to use the last option, that is click on the Clipboard button. It is also possible for you to copy paste your DLL scan results into a notepad, so that you can get back to it later.

  4. #4
    Join Date
    Apr 2010
    Posts
    94

    Re: How to fix the GDI+ JPEG Vulnerability

    The particular GDI Scan application that I have mentioned about is developed for the users who use Windows XP, Windows 2000 and Windows NT. So, what if the vulnerability is present in the computers of Windows 95, Windows 98 or Windows ME users? There is a totally different technique for them.

    GDI Scan for Windows 95, Windows 98 or Windows ME users:

    Scanning and getting the scan results is the same. The only difference is in copying the results. You cannot copy the results directly into the Notepad as it can be done in the other operating systems. So, here is how you can go about with its copying:
    • The Clipboard has to be opened and after that a normal copying has to be done.
    • Now, go to Start and there, in Run, type Notepad and then, click on OK, so that the Notepad will be opened for you.
    • In Notepad, go to Edit and click on Paste. All the contents that were copied into the temporary memory will be pasted into the Notepad.
    • After that, click on File and then, save the particular Notepad file using the Save As option provided there.
    • Save the file onto the Desktop, so that you can refer to it quickly.
    • All Files are to be selected in the File Type drop down box.
    • The file has to be saved with the name log.rtf.
    • After you have saved it, you need to minimize the window and check out on the desktop for this file. When you double-click on it, the file will be opened in Word or Wordpad.

  5. #5
    Join Date
    Apr 2010
    Posts
    94

    Re: How to fix the GDI+ JPEG Vulnerability

    Verifying the Scan Results:

    You must be thinking on how to verify the results and find the particular DLLs that are having the vulnerability. Remember that the DLLs from the directories like Windows\$NtUniinstallKB, \Windows\WinSxS are to be ignored because they cannot be having vulnerabilities. These are the directories where the system keeps a copy of the DLLs. So, there is a possibility that you can find many copies of the same DLL. I would suggest that a copy of the DLLs from these directories be made before any changes or deletion are done.

    For finding the DLLs that are having the vulnerabilities, check out the DLLs that are displayed from other directories than the one mentioned above. If the DLLs from other directories are having the vulnerabilities, then they will be shown in "red color".

    You need to visit the websites of all the applications, whose DLLs are shown as vulnerable. Find the updates for he same there. If you can get them, download the updates as soon as possible. Installing the updates for the applications will eradicate the vulnerability of that particular DLL. After installing the updates, run a GDI Scan again and then, check out if the applications whose updates were done are having the same vulnerability still or not. If the problem is persisting, then you need to contact the officials and mention to them about the situation that you are facing.

    Getting the new version of gdiplus.dll and installing the same in your system is another technique that can help you to fix the vulnerabilities that are existing in your system. You can find the new version of this DLL only on the official site of Microsoft. Before you do the updation of this DLL, make sure that you keep a copy of this DLL that is installed in your system currently.
    You just have to replace the problematic DLL with this new one that you have downloaded from Microsoft.

  6. #6
    Join Date
    Apr 2010
    Posts
    94

    Re: How to fix the GDI+ JPEG Vulnerability

    Final Tip:

    I just want to remind you people that there are many tools being released for various applications that can help to increase the vulnerabilities of the DLLs of the same. So, it can be assured that every system is affected by one or the other GDI+ JPEG vulnerability.

    Thus, it is suggested that you go about with the above mentioned scans as soon as possible. This is because if you are going to delay the scan, then your system will be in greater danger.

    Remember that this vulnerability can allow the person in control of the same to get the permissions of full access of your computer. So, all your private data and entire system can be in wrong hands.

    All the best!!!!!!!!!!
    While trying the scans, if any of you get stuck anywhere in between the GDI Scan or its removal, then just let me know about it, so that I can help you out with it.

    All possible comments and suggestions on this vulnerability or the solution provided is very much appreciated.
    Thanks.......

  7. #7
    Join Date
    Nov 2005
    Posts
    344
    Hey DooM !,
    Thanks for making me aware about the GDI+ JPEG Vulnerability and how it can be fixed. I have scanned my system in the same way that you had recommended to. I was surprised to find so many vulnerabilities in my system. Anyways, I have got rid of all of them.

    I am sure that this information shared here will be useful to almost all the members on this forums. Keep the good work going on DooM !.

Similar Threads

  1. Solution for vulnerability?
    By Roey in forum Off Topic Chat
    Replies: 2
    Last Post: 27-02-2013, 08:46 AM
  2. Top Web Vulnerability Scanners
    By Shaan12 in forum Windows Software
    Replies: 5
    Last Post: 27-12-2009, 05:14 AM
  3. Windows 7 vulnerability
    By cool bhavin in forum Networking & Security
    Replies: 4
    Last Post: 25-09-2009, 09:45 AM
  4. vulnerability in Dsl router
    By zaid in forum Networking & Security
    Replies: 4
    Last Post: 08-09-2009, 09:36 AM
  5. Vulnerability in Mac OS X
    By timon in forum Operating Systems
    Replies: 3
    Last Post: 26-02-2009, 10:20 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,678,485.43615 seconds with 17 queries