GDIPlus Scanning Tool from Sans.org
I recently ranted about the shocking GDIplus.dll JPEG processing vulnerability on this blog. Since then Microsoft released a tool that scans for vulnerable versions of this dll as part of windows update. Unfortunately this tool only results in giving people a false sense of security because it is incomplete.
The good people at sans.org have released their own tool which appears to be much better than Microsoft’s. I recommend running this tool at least once on your Windows PC and then each time you install any application that *may* install its own copy of the dll (i.e. potentially *any* application that does JPEG processing). Of course it’s worth making sure that you have installed all vendor updates before you run the tool as they may well fix the vulnerability. Also, please read the sans.org web page carefully before your run their tool as there are some instances where it is “OK” if a vulnerable instance of the dll is found on your computer.
Additionally for users of Macromedia’s MX line of products, they recently released this security bulletin that states that their products are not affected by the vulnerability.
Thanks goes to my ever dependable colleague Rob for showing me the sans.org tool.
