Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Issued: September 14, 2004
Updated: September 21, 2004
Version: 1.2
Summary
Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information.
Tested Software and Security Update Download Locations:
Affected Software:
Microsoft Windows XP and Microsoft Windows XP Service Pack 1 Download the update (KB833987)
Microsoft Windows XP 64-Bit Edition Service Pack 1 Download the update (KB833987)
Microsoft Windows XP 64-Bit Edition Version 2003 Download the update (KB833987)
Microsoft Windows Server 2003 Download the update (KB833987)
Microsoft Windows Server 2003 64-Bit Edition Download the update (KB833987)
Microsoft Office XP Service Pack 3 Download the update (KB832332)
Microsoft Office XP Service Pack 2 Download the administrative update (KB832332)
Microsoft Office XP Software:
Outlook 2002
Word 2002
Excel 2002
PowerPoint 2002
FrontPage 2002
Publisher 2002
Access 2002
Microsoft Office 2003 Download the update (KB838905)
Microsoft Office 2003 Software:
Outlook 2003
Word 2003
Excel 2003
PowerPoint 2003
FrontPage 2003
Publisher 2003
Access 2003
InfoPath 2003
OneNote 2003
Microsoft Project 2002 (all versions) and Microsoft Project 2002 Service Pack 1 (all versions) Download the update (KB831931)
Microsoft Project 2003 (all versions) Download the update (KB838344)
Microsoft Visio 2002 Service Pack 1 (all versions) and Microsoft Visio 2002 Service Pack 2 (all versions) Download the update (KB831932)
Microsoft Visio 2003 (all versions) Download the update (KB838345)
Microsoft Visual Studio .NET 2002 Download the update (KB83034
Microsoft Visual Studio .NET 2002 Software:
Visual Basic .NET Standard 2002
Visual C# .NET Standard 2002
Visual C++ .NET Standard 2002
Microsoft Visual Studio .NET 2003 Download the update (KB83034
Microsoft Visual Studio .NET 2003 Software:
Visual Basic .NET Standard 2003
Visual C# .NET Standard 2003
Visual C++ .NET Standard 2003
Visual J# .NET Standard 2003
The Microsoft .NET Framework version 1.0 SDK Service Pack 2 Download the update (KB867461)
Microsoft Picture It! 2002 (all versions) Download the update
Microsoft Greetings 2002 Download the update
Microsoft Picture It! version 7.0 (all versions) Download the update
Microsoft Digital Image Pro version 7.0 Download the update
Microsoft Picture It! version 9 (all versions, including Picture It! Library) Download the update
Microsoft Digital Image Pro version 9 Download the update
Microsoft Digital Image Suite version 9 Download the update
Microsoft Producer for Microsoft Office PowerPoint (all versions) Download the update
Microsoft Platform SDK Redistributable: GDI+ - Download the update
Office Users Note Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section. Office 2003 Service Pack 1, Visio 2003 Service Pack 1, and Project 2003 Service Pack 1 contain an updated version of the affected component and are not affected. Customers that have installed these service packs do not need to install the available security updates for these products.
MSN 9 Users Note MSN 9 distributes Picture It! Express version 9 and Picture It! Library. You have the option to install these programs when you install MSN 9. You should install the Picture It! version 9 update only if you installed Picture It! Express version 9 or Picture It! Library when you installed MSN 9.
Affected Components:
Internet Explorer 6 Service Pack 1 - Download the update (KB833989)
The Microsoft .NET Framework version 1.0 Service Pack 2 Download the update (KB867461)
The Microsoft .NET Framework version 1.1 Download the update (KB867460)
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Issued: September 14, 2004
Updated: September 21, 2004
Version: 1.2
Summary
Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information.
Tested Software and Security Update Download Locations:
Affected Software:
Microsoft Windows XP and Microsoft Windows XP Service Pack 1 Download the update (KB833987)
Microsoft Windows XP 64-Bit Edition Service Pack 1 Download the update (KB833987)
Microsoft Windows XP 64-Bit Edition Version 2003 Download the update (KB833987)
Microsoft Windows Server 2003 Download the update (KB833987)
Microsoft Windows Server 2003 64-Bit Edition Download the update (KB833987)
Microsoft Office XP Service Pack 3 Download the update (KB832332)
Microsoft Office XP Service Pack 2 Download the administrative update (KB832332)
Microsoft Office XP Software:
Outlook 2002
Word 2002
Excel 2002
PowerPoint 2002
FrontPage 2002
Publisher 2002
Access 2002
Microsoft Office 2003 Download the update (KB838905)
Microsoft Office 2003 Software:
Outlook 2003
Word 2003
Excel 2003
PowerPoint 2003
FrontPage 2003
Publisher 2003
Access 2003
InfoPath 2003
OneNote 2003
Microsoft Project 2002 (all versions) and Microsoft Project 2002 Service Pack 1 (all versions) Download the update (KB831931)
Microsoft Project 2003 (all versions) Download the update (KB838344)
Microsoft Visio 2002 Service Pack 1 (all versions) and Microsoft Visio 2002 Service Pack 2 (all versions) Download the update (KB831932)
Microsoft Visio 2003 (all versions) Download the update (KB838345)
Microsoft Visual Studio .NET 2002 Download the update (KB83034
Microsoft Visual Studio .NET 2002 Software:
Visual Basic .NET Standard 2002
Visual C# .NET Standard 2002
Visual C++ .NET Standard 2002
Microsoft Visual Studio .NET 2003 Download the update (KB83034
Microsoft Visual Studio .NET 2003 Software:
Visual Basic .NET Standard 2003
Visual C# .NET Standard 2003
Visual C++ .NET Standard 2003
Visual J# .NET Standard 2003
The Microsoft .NET Framework version 1.0 SDK Service Pack 2 Download the update (KB867461)
Microsoft Picture It! 2002 (all versions) Download the update
Microsoft Greetings 2002 Download the update
Microsoft Picture It! version 7.0 (all versions) Download the update
Microsoft Digital Image Pro version 7.0 Download the update
Microsoft Picture It! version 9 (all versions, including Picture It! Library) Download the update
Microsoft Digital Image Pro version 9 Download the update
Microsoft Digital Image Suite version 9 Download the update
Microsoft Producer for Microsoft Office PowerPoint (all versions) Download the update
Microsoft Platform SDK Redistributable: GDI+ - Download the update
Office Users Note Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section. Office 2003 Service Pack 1, Visio 2003 Service Pack 1, and Project 2003 Service Pack 1 contain an updated version of the affected component and are not affected. Customers that have installed these service packs do not need to install the available security updates for these products.
MSN 9 Users Note MSN 9 distributes Picture It! Express version 9 and Picture It! Library. You have the option to install these programs when you install MSN 9. You should install the Picture It! version 9 update only if you installed Picture It! Express version 9 or Picture It! Library when you installed MSN 9.
Affected Components:
Internet Explorer 6 Service Pack 1 - Download the update (KB833989)
The Microsoft .NET Framework version 1.0 Service Pack 2 Download the update (KB867461)
The Microsoft .NET Framework version 1.1 Download the update (KB867460)
