Thursday, August 18, 2005

Infocon: Yellow

Apparently there is a zero day exploit out for msdds.dll. Patch up every body. Its installed by the following programs:
Here is a list of applications that may install this component:
(Disclaimer: We can't test them all... but it should help you prioritize)
MS Visual Studio .Net
.Net Framework 1.1
Microsoft Office (2000, 2002, XP) [Karl, Juha-Matti]
Microsoft Project
Visio [Chris]
Access 11 (2003) runtime [Scott]
ATI Catalyst driver installed by newer ATI video cards [Eric]

MSDDS.DLL is not found on Win2003 SP1 SERVER with .net installed (not Visual Studio .net). [Andy].

Not all default Office 2000 installs have msdds.dll installed. [Emmanuel]

We get conflicting reports, likely due to various configuration and install choices. Please verify yourself the version before concluding that you are not vulnerable.

The version of MSDDS.DLL installed with Office 2003 is not vulnerable.