GDIPLUS.DLL security updates for VFP 8.0 and VFP 9.0

The MS security bulletin "Vulnerabilities in GDI+ Could Allow Remote Code Execution" (957488) lists the affected MS products, including VFP 8.0 and VFP 9.0. It supersedes MS security bulletin MS08-052, "Vulnerabilities in GDI+ Could Allow Remote Code Execution" (954593). I blogged about it at "GDI+ security updates for VFP 8.0 and VFP 9.0".

There's no security update for VFP 9.0 Service Pack 1.

The gdiplus.dll has the file attributes (or later file attributes) that are listed in the following table:

| File name   | File version   | File size | Date        | Time      |
|-------------|----------------|-----------|-------------|-----------|
| Gdiplus.dll | 5.2.6001.22319 | 1,748,992 | 13-Aug-2009 | 09:55 EST |

The gdiplus.dll can be downloaded directly at Platform SDK Redistributable: GDI+.
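
To see which copies of gdiplus.dll on a machine meet the version in the table above, a version audit can be run in PowerShell. This is an added example, not part of the original post; the function name Get-GdiPlusAudit and the folder paths in the usage line are assumptions to adjust for your own deployment.

```powershell
# Added example: report every gdiplus.dll under the given folders and whether
# its file version is at least the one listed in the post (5.2.6001.22319).
function Get-GdiPlusAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string[]]$Root,
        [version]$Minimum = '5.2.6001.22319'   # version from the table in the post
    )
    foreach ($dir in $Root) {
        if (-not (Test-Path -LiteralPath $dir)) {
            Write-Warning "Skipping missing folder: $dir"
            continue
        }
        Get-ChildItem -LiteralPath $dir -Filter 'gdiplus.dll' -File -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $vi = $_.VersionInfo
                # Use the numeric parts: the FileVersion string can carry extra text
                # after the four numbers, which would break a direct [version] cast.
                $ver = New-Object -TypeName System.Version -ArgumentList `
                    $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
                [pscustomobject]@{
                    Path      = $_.FullName
                    Version   = $ver
                    Size      = $_.Length
                    Modified  = $_.LastWriteTime
                    # Signature status is reported so a repackaged or altered DLL stands out.
                    Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                    Patched   = ($ver -ge $Minimum)
                }
            }
    }
}

# Usage (paths are assumptions: a shared VFP runtime folder and an application folder;
# on 64-bit Windows use ${env:CommonProgramFiles(x86)} for 32-bit components).
Get-GdiPlusAudit -Root "$env:CommonProgramFiles\Microsoft Shared\VFP", 'C:\MyVfpApp' |
    Sort-Object Patched, Path |
    Format-Table -AutoSize
```

Rows with Patched = False are copies that an installer or merge module still needs to replace.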

Comments

Hi Sergey,

Does this hold the VFP_GDIPlus.msm as well?

Agnes

Hi Agnes,

I don't know for sure.

Can you check your merge module folder for datetime of the VFP_GDIPlus.msm? Mine is still 14.12.2004.

Can you also check for the version of gdiplus.dll itself? I have two comps here running W2K and XP but there is no new version of GDIPlus.dll installed.

TIA

The VFP_GDIPlus.msm on my PC wasn't updated either.
The update will not install a new version of GDIPlus.dll if the original VFP installation didn't install it. That could happen when the GDIPlus.dll version on the PC was newer than the one that comes with VFP.

So how do we get the new GDIPlus.dll to customers' comp the smart way?
I can recreate the msm but I hate this.

A lot of people are using Inno Setup that does not require MSM files.

I know.

But I have that old ISD license and all the work in its scripts. (And no time left for learning the odds of Inno Setup).

Looks like I fake the msm, it's not that much work with ISD. (^.^)

Agnes

Hi Sergey,

I've created a modified merge module with the updated version. It contains the GDIPlus.dll Version 5.2.6001.22319. All properties exposed to the installer are untouched, except the file version. The new file is 1.010.176 2010/11/05 09.08.18.
It's renamed from "VFP_GDIPlus.msm" to "VFP_GDIPlus_dll.msm". One needs to replace the original "VFP_GDIPlus_dll.msm".

Agnes

Any idea on how to install this update?

Hi Carlos,

There're a few ways to install updates

Sergey

You stated above that "There's no security update for VFP 9.0 Service Pack 1." But there is: https://support.microsoft.com/en-us/kb/955369
