Germany|Hungary|Japan|Spain|USA
Products and Services Support Company Community
You are here: HomeSupportArchiCAD
ArchiCAD
ArchicadWiki
Documentation
Downloads
Links
System Requirements
Developer
IFC Support
Intel Mac
Contact Us | Site Map | Printable version

Security hole in Microsoft's GDIPLUS.DLL distributed with ArchiCAD 8.1 and ArchiCAD 9 INT and USA versions

Written by Andor Szõke

On September 14, 2004 Microsoft published a note that GDIPLUS.DLL, which is part of the Windows XP operating system and was distributed with a number of Microsoft products, contained a security hole that could allow remote code execution during processing of JPEG images. The file has been redistributed with ArchiCAD 8.1, with ArchiCAD 9 INT and with ArchiCAD 9 USA. When ArchiCAD is installed this module is installed into the ArchiCAD folder. The other ArchiCAD 9 versions will install a fixed version of this DLL only on WINDOWS 2000 systems.


What should users do exactly?

  • ArchiCAD uses Quicktime instead of the GDIPLUS.DLL for processing JPEG image files thus the DLL which is placed in the ArchiCAD folder cannot harm the user's computer even if it is the one containing the security hole, because ArchiCAD does not use the feature which allows such remote code execution.
  • What can harm the user's computer are the GDIPLUS.DLL files placed anywhere else which were NOT DISTRIBUTED WITH ARCHICAD but with other applications and thus they are in the folders created by these applications. Concerning the GDIPLUS.DLL files distributed by other applications users should follow the recommendations of Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Page last updated: Thursday, September 23, 2004

Copyright © 2008 - Graphisoft R&D Zrt. All rights reserved worldwide. Terms of Use | Privacy Policy