In reference to Microsoft IAVA 2004-A-0015 JPEG Processing GDI+ Buffer Overlow. I am a network security engineer that is responsible for IAVA compliance over large enterprises. My team is having fits with a gdiplus.dll that points to the following path for 200 machines on our network:
C:\Program Files\Common Files\Crystal Decisions\2.0\Bin\gdiplus.dll
My question is, does anyone know if SAP released an update file that doesn't depict as being vulnerable based on the latest Microsoft bulletin that was re-released in concerns to updates in GDI vulnerabilties?
Another concern we had, was renaming this .dll file, is it always registered or just present within the Crystal Decisions path, to where it could cause problems with the software on the asset?
V/R,
Jay