in addition to the one from MS updates.
http://isc.sans.org/gdiscan.php
The notes say to
- Ignore files in directories like Windows\$NtUniinstallKBxxxxx\
and
Windows\WinSxS. These are old versions left behind for uninstal
purposes.
I included the results from my PC. It looks like most (all?) of the Vulnerable version messages are from things
that don't normally run. I think the I386 is used for installs (like
the old Win 98 *.CABs).
So it looks like I'm clear for now. Even though it may try to sneak
back in from an uninstall or install.
Greg
Scanning Drive C:...
C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
Version: 10.0.6714.0
C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
Version: 11.0.6360.0
C:\Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL
Version: 6.0.3264.0
C:\WINNT\$NtServicePackUninstall$\sxs.dll
Version: 5.1.2600.0 <-- Vulnerable version
C:\WINNT\$NtUninstallKB833998$\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable
version
C:\WINNT\$NtUninstallKB839645$\sxs.dll
Version: 5.1.2600.1336 <-- Vulnerable
version
C:\WINNT\LastGood\System32\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable
version
C:\WINNT\ServicePackFiles\i386\sxs.dll
Version: 5.1.2600.1106 <-- Vulnerable
version
C:\WINNT\system32\sxs.dll
Version: 5.1.2600.1515
C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.1_x-ww_8d353f14\GdiPlus.dll
Version: 5.1.3100.0 <-- Vulnerable version
C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
Version: 5.1.3101.0 <-- Vulnerable version
C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47\GdiPlus.dll
Version: 5.1.3102.1360
Scan Complete.
---
[This E-mail scanned for viruses by Findlay Internet]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
|