GDIPLUS.DLL security updates for VFP 8.0 and VFP 9.0
MS security bulletin Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) lists MS products affected including VFP 8.0 and VFP 9.0. It supersedes MS security bulletin MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593). I blogged about it at GDI+ security updates for VFP 8.0 and VFP 9.0
- Visual FoxPro 8.0 Service Pack 1 GDIPLUS.DLL Security Update
- Visual FoxPro 9.0 Service Pack 2 GDIPLUS.DLL Security Update
There's no security update for VFP 9.0 Service Pack 1.
The gdiplus.dll has the file attributes (or later file attributes) that are listed in the following table:
| File name | File version | File size | Date | Time |
|---|---|---|---|---|
| Gdiplus.dll | 5.2.6001.22319 | 1,748,992 | 13-Aug-2009 | 09:55 EST |
The gdiplus.dll can be downloaded directly at Platform SDK Redistributable: GDI+.
Merge Module
Hi Sergey,
does this hold the VFP_GDIPlus.msm as well?
Agnes
Merge Module for GdiPlus
Hi Agnes,
I don't know for sure.
RE: Merge Module
Can you check your merge module folder for datetime of the VFP_GDIPlus.msm? Mine is still 14.12.2004.
Can you also check for the version of gdiplus.dll itself? I have two comps here running W2K and XP but there is no new version of GDIPlus.dll installed.
TIA
RE: Merge Module
The VFP_GDIPlus.msm on my PC wasn't updated either.
The update will not install new version of GDIPlus.dll if original VFP installation didn't install it. It could happen when GDIPlus.dll version on PC where never than one that comes with VFP.
RE MSM GDIPlus.dll
So how do we get the new GDIPlus.dll to customers comp the smart way?
I can recreate the msm but I hate this.
RE MSM GDIPlus.dll
A lot of people are using Inno Setup that does not require MSM files.
Inno Setup
I know.
But I have those old ISD license and all the work in it's scripts. (And no time left for learning the odds of inno setup).
Looks like I fake the msm, it's not that much work with ISD. (^.^)
Agnes