nabocorp softwares

The latest MS security patch seems to effect cam2pc. See MS04-028 for details. Shouldn't cam2pc update its gdiplus.dll to the latest version?

Hello,

saw this one. Will try to update the DLL with the next patch release of cam2pc 4.4 but I must make sure that everything still works nicely. Such a big update should not be done without caution...

Regards,
nabocorp

Hi,

Please make updating this MS-Bug highpriority. As it is a JPEG related error, this make an imaging programm like cam2pc an easy target.

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/securi ... 4-028.mspx

Other users may find this scanning tool from ISC-SANS also helpful:
http://isc.sans.org/gdiscan.php

gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and Looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll.

The scan starts upon execution. It will signal completion of scan in text box with "Done."

Vulnerable versions of the .dll files are listed in RED.

Best regards,
Guus Gerrits

Hello,

cam2pc does not use GDI+ to load JPEG images. It uses its own internal stuff based on the jpeg library of the Independent JPEG Group. Therefore there is no hurry to update the GDI+ DLL used by cam2pc.

Regards,
nabocorp

FYI, I tried to load this sample virus image (http://www.easynews.com/virus.html) in cam2pc and cam2pc simply fails to load it and does not trigger any action of the virus.

Regards,
nabocorp

Finally,

if you still fear to be the target of the exploit you can download this version of the GDIPLUS.DLL file that seems to work fine with cam2pc. I have only tested it for a few minutes so you'd better backup the original GDIPLUS.DLL file in case something goes wrong. Just save this file in the installation dir of cam2pc, usually C:\Program Files\cam2pc.

http://www.nabocorp.com/cam2pc/gdiplus.dll

Regards,
nabocorp

Hi,

my SysAdmin at work (which started this discussion at the first place, security policies etc.) advised me just to rename the current gdiplus.dll and plain copy the new gdipluss.dll (Ver.5.1.3102.1360) into the cam2pc directory and try running cam2pc. Works fine for me (so far I have tested).

Of course you are in a very different position. As a good SW-manufacturer I also wouldnot replace dlls without making sure that really everything is still OK. Writing software is much more fun than battling hotline calls or even angry customer lawyers :wink:

Keep up the good work, your cam2pc SW is great :D

Best regards,
Guus Gerrits

GGerrits wrote:even angry customer lawyers :wink:

Writing this word on this forum is strictly forbidden :D