Full Disclosure mailing list archives
RE: SANS GDIscan
From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Mon, 27 Sep 2004 16:25:19 -0500
I get the same thing. I see a lot of indifferences with the locations of the .DLL -- Also patched systems from M$ update and SMS patch pushes and still get vulnerable .DLLs using the Scanner from SANS? Does the M$ patch really fix this issue? I'm going to take a patched box and run some exploits on it in the lab to see the results. JP -----Original Message----- From: bashis [mailto:mcw () wcd se] Sent: Sunday, September 26, 2004 10:34 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] SANS GDIscan Hi I tested [1] 'gdiscan' from SANS, and this tool reports vulnerable DLL's after installing all availible patches from M$.. WinXP Pro SP1 C:\WINDOWS\system32\gdiplus.dll Version: 5.1.3097.0 <-- Vulnerable version Win2k Server SP4 C:\Program Files\Common Files\Microsoft Shared\Ink\gdiplus.dll Version: 5.1.3097.0 <-- Vulnerable version [1] http://isc.sans.org/gdiscan.php Have a nice day /bashis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SANS GDIscan bashis (Sep 26)
- <Possible follow-ups>
- RE: SANS GDIscan Perrymon, Josh L. (Sep 27)