MS04-028 - .NET Framework

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Certificate Template The validity period from the user certificate template in win2k certificate authority is only one year if it is a enterprise ca. How can I change validity period to a longer value? Exists other templates for w2k enterprise ca? Tag: MS04-028 - .NET Framework Tag: 61329
  - 2
    - Spybot Search & Destroy recovery? Hello, Does anyone here know antything about Spybot Search & Destroy? I have used Spybot to remove some of the spyware on my computer but when I open Spybot and go to Recovery there is nothing listed there. Aren't all the "fixed problems" supposed to show up so that I can undo them if I need too? Sorry if this is the wrong newsgroup to ask this but I didn't know where else to go! Thanks, Val Tag: MS04-028 - .NET Framework Tag: 61326
  - 3
    - HOWTO: Enable/Disable USB interface and/or USB storage devices using Group Policy in Windows XP Hello from Istanbul/Turkey, In Windows 2000 or 2003 Active Directory and Windows XP workstation environment, you can enable or disable all the USB interface or just USB storage devices using group policy. Just follow: 1. Create a custom adm file, you can name it usb.adm with the following content: ; Beginning of the file ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CLASS MACHINE ;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CATEGORY !!USB POLICY !!REstrictUSB KEYNAME "System\CurrentControlSet\Services\usbuhci" PART !!RestrictionValue NUMERIC VALUENAME Start END PART END POLICY POLICY !!REstrictUSBStorage KEYNAME "System\CurrentControlSet\Services\USBSTOR" PART !!RestrictionValueStorage NUMERIC VALUENAME Start END PART END POLICY END CATEGORY #endif [strings] USB="Restrict USB Access" RestrictUSB="USB Interface Restriction" RestrictionValue="Enter 4 to restrict USB interface, 3 to enable" RestrictUSBStorage="USB Storage Restriction" RestrictionValueStorage="Enter 4 to restrict USB storage, 3 to enable" ; End of the file 2. Put this file in C:\Windows\Inf in one of your Domain Controllers (DC). 3. On this DC, run AD Users and Computers, select the Organizational Unit (OU) you want to enable or disable USB. Open Group Policy (GP) for this OU. 4. Select Administrative Templates under Computer Configuration. Right click and select Add/Remove Templates, click add and select usb.adm and click open, then close Add Remove Templates window. 5. Now you can see "Restrict USB Access" category under Administrative Templates. To see its contents, you should click Administrative Templates and on View menu clik Filtering. Clear "Only show policy settings that can be fully manages" option. Click OK. 6. Click Restrict USB Access. There are two policies here, USB Interface Restriction (UIR) and USB Storage Restriction (USR). 7. If you want to fully enable full USB, enable two of the policies and enter the value of 3. If you want to enable USB interface but disable USB storages, enter 3 for UIR, 4 for USR. If you want to disable USB all, enter 4 for both values. PS: Because this registry setting is considered as a preference, even if you remove the policy, the setting remains there. So you should enable this settings in all your organizational units. I've tried this in Windows 2003 and Windows XP environments and saw it works. I didn't try in Windows 2000, but i guess it works there too. I hope this helps you too. Tag: MS04-028 - .NET Framework Tag: 61325
  - 4
    - Can webmail be attached with digital signature? Is it only allowed to attached with plain text signature? Tag: MS04-028 - .NET Framework Tag: 61321
  - 5
    - Questions about digital signature I have installed a digital certificate into my OS. How can I know whether an email address is with a digital certificate? If the person whom I will send email to holds a certificate which didn't come from the CA wich issueed mine, Can I send him a secured email? If my OS is hacked by someone, Is my certificate secure( because the secure level I set is medium without passwords)? Thank you very much. Tag: MS04-028 - .NET Framework Tag: 61320
  - 6
    - computer protiction Help, can anyone give me some insight as to which Anti- Virus protiction to use? I was going to use Vcom SystemSuite5, but I don't think it works good with WindowsXP. I was using McAfee, but got a virus anyway. I just don't know what to pick, help me if you can. Thanks meme Tag: MS04-028 - .NET Framework Tag: 61313
  - 7
    - Front page extensions If I enable front page extensions, is there any security risks? thanks Tag: MS04-028 - .NET Framework Tag: 61305
  - 8
    - kernell files Hello i just have a question about the kernell files on windows xp pro.Like i use my pc for studying and i copy my cds so i can listen to them . I dont access pornography or any crap like that and all my softwares bought from shops Nothing pirate on it .yet in the kernell files loads of bad things are turning up like hack hotmail files and that and all they do is regenerate. Theres only one program in the folder and thats msconfig so i cant delete that because its a program i know nought about. virus's that also appear in my registry keep regenerating only the same two envolo and autoupdate.exe. So can anyone help me eradicate these cracks,serials,viruses because i fear for my pc health Tag: MS04-028 - .NET Framework Tag: 61301
  - 9
    - Unsupported Extension (SMTP) Outllook Express 6 McAfee says I need to disable an unsupported extension on outgoing e-mail otherwise clean outgoing mail cannot be assured. Does anyone know anything about this? Tag: MS04-028 - .NET Framework Tag: 61298
  - 10
    - Crash with SP2 Any ideas? I've crashed 10 times today. Own a DeskBook from XOpen America. P3 processor, 1GB RAM STOP: 0x0000009C (0x00000004, 0x00000000, 0xb2000000, 0x00020151) Susan Tag: MS04-028 - .NET Framework Tag: 61297
  - 11
    - Confused about latest patches I read on microsoft.com/technet about (critical update) "Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)" and (important update) "Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)". If I visit Microsoft Office Downloads Home Page (http://office.microsoft.com/en- us/officeupdate/default.aspx) and also www.windowsupdate.com, will these two sites tell me if I need to install these two updates? I have Windows 2000 (not XP) but I do have Office XP. Why won't office.microsoft.com (updates) or windowsupdate.com tell me? Do I have to read down the list of affected software and update manually. So confused, Jimmy Tag: MS04-028 - .NET Framework Tag: 61291
  - 12
    - Disabled Viewing of PDF files I cannot view pdf files since I installed a spyware programme. I think an 'add on' has been disabled. Some add ons I can't enable since a message says this is under the control of the administrator. Can anybody help me solve this problem. Thanks. Malcolm Tag: MS04-028 - .NET Framework Tag: 61284
  - 13
    - making a folder truly private and unsearchable I need to know how to make a folder truly private. Of course I can hide the folder but anyone who knows how to use windows knows how to find it. I thought I heard once that if I put the $ symbol before and after the file name it would hide it but that didn't work. Can anyone out there help me out? Tag: MS04-028 - .NET Framework Tag: 61282
  - 14
    - Search? Can I see someone's search history (ie with Yahoo or Google) when the HISTORY and TEMP internet files are cleaned out? Thanks Tag: MS04-028 - .NET Framework Tag: 61281
  - 15
    - New MSSecure.XML Version 2004.09.14.0 Now Available MSSECURE.XML Data Version 2004.09.14.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified today, September 14, 2004, and is now available for all supported languages (English, French, German and Japanese). Public download locations for these updated versions - pending worldwide replication and local proxy and caching issues - are listed below. If there are delays obtaining the latest, updated XML files, be sure you review KB842432 to troubleshoot potential local proxy and caching issues. ENU: http://go.microsoft.com/fwlink/?LinkId=18922 DEU: http://go.microsoft.com/fwlink/?LinkId=18121 FRN: http://go.microsoft.com/fwlink/?LinkId=18122 JPN: http://go.microsoft.com/fwlink/?LinkId=18120 This release supports the following new bulletins (with only limited support as detailed below and in today's web cast): a.. MS04-027 (WordPerfect Converter) - 884933. This bulletin is not supported for detection in MBSA. See KB306460 for more details on supported products. b.. MS04-028 (GDI+) - 833987. This bulletin will generate a Note message on the applicable platforms indicated in the MS04-028 bulletin. This is critical to understand since even though some operating systems may be affected by having a vulnerable Microsoft product installed on an otherwise unaffected operating system, the only platforms that will show a Note message are the Affected Operating Systems (Windows Server 2003 and Windows XP RTM and SP1) and Affected Components (Internet Explorer 6 SP1) as called out in the MSRC bulletin. See KB306460 for more details on supported products. This XML is fully supported for use with MBSA 1.2, MBSA 1.2.1 and the SMS SUS Feature Pack. To get the latest updates, features and Windows XP SP2 compatibility, be sure to upgrade to MBSA 1.2.1. SMS SUS Feature Pack users do NOT need to upgrade since all of the features are already provided by SMS. Details of the added and improved features in MBSA 1.2.1 can be found on the MBSA home page (http://www.microsoft.com/mbsa). This release does not include any other fixes, updates or improvements beyond the items stated above. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for the Microsoft Baseline Security Analyzer (MBSA) at the following link: http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: MS04-028 - .NET Framework Tag: 61278
  - 16
    - Microsoft Security Bulletins for September 2004 September 14, 2004 Today Microsoft released the following Security Bulletins. Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summaries: September Summary http://www.microsoft.com/technet/security/Bulletin/ms04-sep.mspx Critical Bulletins: MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx Important Bulletins: MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) http://www.microsoft.com/technet/security/Bulletin/MS04-027.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: MS04-028 - .NET Framework Tag: 61277
  - 17
    - has hotmail been hacked? anybody out there notice something is wrong with msn's hotmail.........anybody??? Tag: MS04-028 - .NET Framework Tag: 61267
  - 18
    - HLLW.Anig worm - what a pain Hello - Does anyone have any good ways to trap the Anig worm in a large-scale environment? (30,000+ users)? Apparently it's snagged one of our Domain Admin credentials, and it's spreading like mad cow disease in the UK. :) Thanks in advance. Tag: MS04-028 - .NET Framework Tag: 61264
  - 19
    - Monitoring machine usage Hi, Part of the great Sarbanes Oxley audit requires that we monitor our third party application providor when they are in the program changing stuff. They usually dial in and then run the program as a terminal service client. My requirements are to capture everything they do. Is this possible? Any products out there? HELP!!!! Tag: MS04-028 - .NET Framework Tag: 61262
  - 20
    - Scheduled backups password probs I have yet to successfully run a scheduled M/S backup due to password problems. M/S help suggests running under administrator, this failed also. Why the hell do we need passwords just to run backups? Surely backups take priority over security, it certainly does in the real computer world. Tag: MS04-028 - .NET Framework Tag: 61250
  - 21
    - How safe/unsafe is it to use winxp w/o built in firewall? As the subject says, thanx! Tag: MS04-028 - .NET Framework Tag: 61249
  - 22
    - users password i set up an individual user & password from the control panel. i no longer need this setting & was looking to delete it & couldn't figure it out? p.s. i have 98!plus Tag: MS04-028 - .NET Framework Tag: 61247
  - 23
    - hackers conference malaysian bigest hackers conference to be held on Oct 04-07 2004 http://conference.hackinthebox.org Tag: MS04-028 - .NET Framework Tag: 61246
  - 24
    - password doesn't lock anyone out of my pc I want to know if there is a way to lock people out of my pc with a password on windows '98. Tag: MS04-028 - .NET Framework Tag: 61244
  - 25
    - password secure Why can't I lock my children out of my computer with a password on windows '98 Tag: MS04-028 - .NET Framework Tag: 61243
- Next
  - 1
    - CAPICOM Win98SE I have a simple VB application to load a *.pfx file into localMachine certificate store using the CAPICOM api. It seems to work fine on Windows XP, however when I try and run it on Win98SE. I get an error on the load method "Incorrect Parameter" I have tried different combinations but they all seem to fail in the same way. The Load works fine to CurrentUser,My store on Win98. It doesn't seem to like importing to localMachine,root on win98? Dim st As New Store Dim storeLocation As CAPICOM_STORE_LOCATION Dim storeName As String Dim fileName As String storeName = "Root" storeLocation = CAPICOM_LOCAL_MACHINE_STORE fileName = "certname.pfx" st.Open storeLocation, storeName, CAPICOM_STORE_OPEN_READ_WRITE st.Load fileName, "password", CAPICOM_KEY_STORAGE_DEFAULT Any ideas are much appreciated. Thanks, Kevin Tag: MS04-028 - .NET Framework Tag: 61235
  - 2
    - Use this Patch immediately I keep getting this e-mail, 5 a day that has an attachment called patch.exe The return e-mail is security@microsot.com It seems fishy to me, but how do I get rid of it? Tag: MS04-028 - .NET Framework Tag: 61233
  - 3
    - email distribution When I send email about my link website to any more than 50 addresses at a time, they don't seem to go through. Could this be a virus? Julie Tag: MS04-028 - .NET Framework Tag: 61225
  - 4
    - strange files on my computer I was advised to delete anything unusual from c:/documents and settings/owner/local settings/temp. Whenever I try to do this, there is a file that I cannot delete because the system says someone else is using it. The file name first was 1376.fdr. At the time, I was not signed on to the internet, and I didn't even have the telephone line plugged in. This morning, I had the same problem with fdr1416.fdr. What is worse, I went to delete the cookies on temporary internet files, and when I came back to look at the temp folder, there was a file called ~df434c.tmp there, and I cannot delete that either. Since I was not signed on to the internet then and did not have my computer plugged in to the internet, either, and I have disabled the wireless zero configuration on msconfig. It seems to me that there is no way this could happen unless someone is on my computer when I am. I run adaware every day, and also have spywareblaster running. I have installed security pack 2. What next? Tag: MS04-028 - .NET Framework Tag: 61221
  - 5
    - security alert pop ups I get the same pop up message time and again directing me to a website for a windows patch to fix a problem it claims to have identified on my computer running on Windows2000. www.windowspatch.net Is this a genuine alert or is it bogus ? Tag: MS04-028 - .NET Framework Tag: 61219
  - 6
    - IP logging I have recieved an email from a friend of mine saying that I had registered them to recieve mails from there site as it logged my IP (this is from a porn site btw) and I know for a fact I have not done this can anyone shed any light onto how this is possible he is furious about it and so am I. It has been suggested to me that it could be that I have been logged when I have tried to unsubscribe from these mails (stupid move) as I have access to his mails him being my b/f please help ANYONE !!! Tag: MS04-028 - .NET Framework Tag: 61217
  - 7
    - Password Locked Hi there. I just want to make sure about something. We have a user whose password keeps locking out. We checked our security event log and there are 2 PC that registers that locks her password. Both these machines are hers and only she uses them. She insists that there is some kind of problem because she types the password in correctly. First off she is very high up and does not appreciate a technician to tell her that she types like her ass. 2nd Some other technician told me that there can be a dialer installed on her PC that tries to connect to a site and it runs in the back ground. Is this possible? Can't I load a key logger so that I can proof to her that it is a user error and not the PC or network. Tag: MS04-028 - .NET Framework Tag: 61211
  - 8
    - Disabling the ability to read/write to a USB device?? It is highly desirable that USB drives are not used in certain locations (such as financial institutions) - In general this is a very difficult policy to enforce as USB is so handy you don't want to generally disable it. Is it possible to disable the ability to read and/or write to a USB device using the inherent security settings (e.g domain or group policy) for different user groups ? Cheers Mark Tag: MS04-028 - .NET Framework Tag: 61210
  - 9
    - Where is a good place to report websites deliberately hacking sufe Where does one report a site deliberately trying to infect surfers with a hacking virus? I mean other than the abuse address shown by Whois, because the netzone holder and my ISP are essentially the same, and my ISP doesn't give a hoot, based on prior reports to them from the same netzone that were responded to with, basically, the information that I ought to resolve the matter myself. I come across a website that tries to compel acceptance of a virus (in this case Mhtreder.ge) which enables further hacking, at 4.31.21.33, at a textually described (from Google) site called nakedpics.name/britney-spears-clips-sexy/ britneyspearsclipssexy.html (three guesses what I was surfing for). My Panda firewall/virus picked up the named virus or variant being downloaded via one of those OS-mimetic pop-up windows and which requires going to task manager and completely nuking the browser to get out of. By coincidence, or perhaps not, I have been having persistent port scan attacks from the 4.31.x.y netzone since at least the start of September. They're a busy little set in that netzone! At any rate, is there a proper place for me to report a website deliberately virus infecting surfers other than a nonresponsive company and potentially nonresponsive abuse email address? Tag: MS04-028 - .NET Framework Tag: 61208
  - 10
    - Where does one report a webiste deliberately forcing virus accepta When I come across a website that tries to compel acceptance of a virus (in this case Mhtreder.ge) which enables further hacking, who does one tell? My impression is that my ISP, Verizon, couldn't care less - I'm utterly on my own with the help of the Whois account they've set up for their users. This is despite that their customer support in other areas is pretty good in my experience. Using Whois in this case is problematic, as the site, at 4.31.21.33, at a textually described (from Google) site called nakedpics.name/britney-spears-clips-sexy/ britneyspearsclipssexy.html (three guesses what I was surfing for), is either directly held and not subassigned by Level3, which I understand to be part of GTE, which I understand to be associated with Verizon. The area is skipped over in a search for subassignments from the 4.x.x.x-4.x.x.255 netzone holder. Talk about your self-looping error. My Panda firewall/virus picked up the named virus or variant being downloaded via one of those OS-mimetic pop-up windows and which requires going to task manager and completely nuking the browser to get out of. By coincidence, or perhaps not, I have been having persistent port scan attacks from the 4.31.x.y netzone since at least the start of September, though on certain occasion 4.x.y.z IPs are the remote sender and on rare occassions it is from Asia. At any rate, is there a proper place for me to report a website deliberately virus infecting surfers? Tag: MS04-028 - .NET Framework Tag: 61207
  - 11
    - Mass Importing of Certificates (Terminal Server) hi, i have this certificate that is needed for this custom browser/web page app that is provided to us by on of our business affilates. They require a certificate to be installed for each person to be able to access the web site. Please let me know how i can install these certificates for each user in a terminal server environment. I've had a look through my win2k AD and nothing there seems to help.... is there some sorto f script i can use ? i've tried adding it to the computer's (terminal server) certificate store. But it doesn't show up for users... please help Tag: MS04-028 - .NET Framework Tag: 61203
  - 12
    - please email my solution please email my solution as i am leaving this computer Tag: MS04-028 - .NET Framework Tag: 61192
  - 13
    - Clearing Search History I would like to delete my search history so that when using a search engine (ie. Google) my list of previous searches will not pop up. Can somebody PLEASE help me? Thank you!! Andrea. Tag: MS04-028 - .NET Framework Tag: 61189
  - 14
    - can't load any secure pages from home With Internet Explorer, I am unable to load such pages as credit card info, banking info, secure order forms, I can't buy anything, etc. Email works fine, and I have checked my security settings and they are on the LOWEST setting. I tried downloading a possible update from Windows Update, but Windows Update won't work. I can't even send a message to Microsoft from their help screens. I am at a different computer now, in case you were wondering. Someone please help quick! I pay a lot for the internet, and I can't even use it for important things. Tag: MS04-028 - .NET Framework Tag: 61187
  - 15
    - New computer - Internet Connection problem. We just recently got Shaw Cable internet connection. The connection disconnects frequently and it's probably a virus however I can't find anything when I run virus scan...Can anyone help? Tag: MS04-028 - .NET Framework Tag: 61186
  - 16
    - Service Pack 2 After I installed Service Pack 2 (XP)I keep getting the flag message on the lower bottom right of my computer that Nortons status cannot be found,this message is coming from my security center.I read somewhere that there was something I could do. Hope you can help!! Thanks and have a good day Tag: MS04-028 - .NET Framework Tag: 61178
  - 17
    - web page automatically opening Yesterday, my daughter was on the computer when she started getting automatic IE pages opening. They were all from the following... "http://69.20.62.53/yyy10.html". I ran adaware and it found a number of registry locations that I attempted to fix. I am also running Norton AntiVirus and I have already installed service pack 2. I am still getting these IE pages opening... Is there a fix? Tag: MS04-028 - .NET Framework Tag: 61177
  - 18
    - Spyware I just ran Spyware-Search and Destroy and I have over 100 spyware, most of them are cookies but a few are in my registry. Is it safe to remove the spyware that is in the registry? Thanks, Val Tag: MS04-028 - .NET Framework Tag: 61175
  - 19
    - Help with a virus problem I somehow got a virus in my pc it says the path is system restore volume information it is picked up by my avg virus remover it prompts me to run avg but it will not remove the said virus I tried turning off my system restore bt that did not work it came back when i restarted system estore please help very frustrated at this problem. when i sign on is when it notifies me that the virus is there. thanks alot PHATBOY Tag: MS04-028 - .NET Framework Tag: 61170
  - 20
    - Mblaster and svchost does anyone know why do I see the Mblaster shutdown popup when I end process on one particular svchost.exe? Have run numerous virus, spy scans and nothing comes up. have about 5 svchost.exe running at a given time, can end proc on some of them with no problem. I am using 'shutdown /a to stop the NT authority from acting but need to do more obviously..but what? THANK YOU!!!! Tag: MS04-028 - .NET Framework Tag: 61165
  - 21
    - start up error message When booting up the computer I get this message: C:\WINNT\Downloadedpgmfiles\bridge.dll Any idea how I get rid of it? Mike Tag: MS04-028 - .NET Framework Tag: 61163
  - 22
    - Account Access Is there a way to receive notification if account access is attempted from a location away from my home computer? Can the notification identify where the attempts are coming from? Changed passwords, but wish to be notified if access is attempted with the old password. Tag: MS04-028 - .NET Framework Tag: 61162
  - 23
    - search2020 I have a search bar attatch itself to my IE and i cant get rid of it. I tried deleting it in program files and it wont budge. I down tried 2 different adware and spyware programs and they didnt solve the problem. If anyone knows how to remove this adware please tell me. Thanks. Tag: MS04-028 - .NET Framework Tag: 61155
  - 24
    - Help with download problem. I've been told that i need to download the same critical update ten times now, even though i download it every time. The download is: 823559: Security Update for Microsoft Windows. Can someone tell me how to download it once and for all so that the critical update messege stops poping up? Tag: MS04-028 - .NET Framework Tag: 61153
  - 25
    - I can't Go to My Music a I had to change my WindowsXP .After I change it My Document didn't Delete becuse it was'nt in wndows root (i moved that to another partition). i cant go to MY Music now .when i'm trying to open it tell me "Access is Denied" what must i do now. Tag: MS04-028 - .NET Framework Tag: 61149

Does anyone know if an ASP.NET web application that uses GDI+ can be
exploited by the vulnerability described in MS04-028? And, if so, how?

thanks

Top

Re: MS04-028 - .NET Framework by Hopper

Hopper
Wed Sep 15 13:02:00 CDT 2004

I would certainly think so, in the same fashion of the GDI+ exploit.

"user" <a@localhost> wrote in message
news:%23zN8esymEHA.3988@tk2msftngp13.phx.gbl...
> Does anyone know if an ASP.NET web application that uses GDI+ can be
> exploited by the vulnerability described in MS04-028? And, if so, how?
>
> thanks
>
>

Top

Re: MS04-028 - .NET Framework by Karl

Karl
Wed Sep 15 22:18:54 CDT 2004

Check out the list of four or five possible scenarios in the
"Vulnerability - FAQ" section of the MS04-028 technical security bulletin at
www.microsoft.com/technet/security

The program in question generally has to open or display the JPEG image in
question.

"user" <a@localhost> wrote in message
news:%23zN8esymEHA.3988@tk2msftngp13.phx.gbl...
> Does anyone know if an ASP.NET web application that uses GDI+ can be
> exploited by the vulnerability described in MS04-028? And, if so, how?
>
> thanks
>
>

Top