Q891711 + U891711 = Unofficial MS07-017 + MS05-002 .ANI fix


MDGx


It's giving me the "Insufficient memory" thing again!
This issue is not related to U891711 as far as I can tell.

You may want to look into other system settings or installed programs/updates.

HTH


  • 4 weeks later...

This patch works on Italian version of Win ME?

Yeah!

really? are u sure? how about the Italian edition of Win98 SE?

the latest U891711 patch does not cause "insufficient memory" errors as I've tested on many Win98 & WinME machines. the problem seems to lie with one or some of third party apps/drivers. this is more likely to happen when a lot of programs are loaded at Startup.

do a Scandisk from pure DOS mode to fix disk errors.

then when reloading Windows, run Registry Editor [REGEDIT.EXE], check the contents of the following registry keys: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"

If there are too many entries in any of the three registry keys, start deleting some of them (or use MSCONFIG and on the Startup tab, uncheck the entries that are non-essential).

Edited by erpdude8

  • 3 months later...

The Anonymous author of unofficial U891711, KERNEL32.DLL, SHELL32.DLL, GDI32.DLL + GDI.EXE patches sent me this message regarding the newly discovered [?] Windows XP/2003/Vista + MS IE 5/6/7 .ANI [animated] cursor security vulnerability accessed through the GDI engine.

M$ *knew* about it and *ignored* it since December 2006 [!].

But only on April 3 2007 M$ issued patches for Windows XP, 2003 + Vista, 32 + 64 bit [if any1 interested]:

http://www.microsoft.com/technet/security/...n/ms07-017.mspx

Guess what... Windows 98 (FE), 98 SP1, 98 SE + ME are already protected [sic! :)] if you install unofficial U891711 fix:

U891711: Unofficial Windows 98/98 SP1/98 SE/ME Q891711.DLL 4.10.2223 + KB891711.EXE 4.10.2227 Fix [119 KB]:

http://www.mdgx.com/files/U891711.EXE

Read U891711.TXT FIRST:

http://www.mdgx.com/files/U891711.TXT

U891711 MSFN forum:

http://www.msfn.org/board/?showtopic=58780

AFAICT, the unofficial KB891711.EXE (4.10.2227) already protects against the newly discovered animated cursor vulnerability (Win2k, WinXP, Vista).

I hope this helps.

HTH

How about an actual patch of user32.dll, instead of this work-around?
BenoitRen:

Anonymous author replies to your question:

KB891711 + U891711 (official & unofficial) are not work-arounds 'BenoitRen', but the even better news is: It would have been too time-consuming to search for the code segment in USER.EXE where .ANI files are parsed (not where USER.LoadImage is), but I just happened to come across it the other day, so there will be a Win98SE USER.EXE/USER32.DLL patch (4.10.2234) in due course. A Win98FE patch is far beyond what I can manage to do, even a WinME patch is highly, highly unlikely I am afraid.
HTH

__________________________________

That's really great, thank you for U891711.exe ....which I'm happy to say I already had installed it previously

I hope Anonymous still is considering releasing Shell32.dll v4.72.3812.640, please

Please see the answer to your request here:

http://www.msfn.org/board/?s=&showtopi...st&p=643804

HTH


If he found it in Win98 SE's user.exe, it wouldn't be too hard to find in the other versions, no? After all, they're all built on their previous versions instead of rewritten code. I'd like to help looking, but I don't know what to look for, or even how to do it.


If he found it in Win98 SE's user.exe, it wouldn't be too hard to find in the other versions, no? After all, they're all built on their previous versions instead of rewritten code. I'd like to help looking, but I don't know what to look for, or even how to do it.

In Italy we say:

"Don't spit in the plate where you have been eating".

The plate where you have been eating is this section of MSFN.

Here everybody (anonymous author included) gives their contribution, without forcing someone to do something.

It's my thought.


Note that I am offering my help.

Also, being a Windows 95 user, I'm barely fed here.

Right, but without annoying people, as you've done before.

Edited by Max_04

galahs + Ninho:

Anonymous author replies to your questions:

'galahs' wrote on Apr 7 2007, 08:50 PM:

> So what is the advantage of using the unofficial Q891711 patch over Zerts?

There are 2 advantages:

(1) AFAICT, the latest ZERT patch does not address the previous vulnerabilities as described in KB891711. It only addresses the most recent vulnerability, that is, it only checks for the correct length of any 'anih' chunk.

(2) As 'Ninho' pointed out correctly, "... it is USER.EXE which needs a patch. USER32 is just a small stub, all the meat is in the 16 bit USER." Only KB891711.EXE patches USER.EXE.

As an additional note:

> (Ninho) "... on Windows 9x in no case can a "sploit" of this kind cause instructions, contained as data in the malicious file, to be handed control and executed..."

I would revise this statement: It is virtually impossible (not in no case) to craft a file that leads to arbitrary code execution under the segmented memory model. In addition, if the .ANI file was actually parsed in USER32.DLL the exploit would work under Win9x as it does under Win2k, WinXP, etc. This is important to remember as, for example, part of an .EMF file is not parsed in GDI.EXE, but, similar to WinNT, Win2K, WinXP, etc., in GDI32.DLL.

HTH
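
The 'anih' length check described in point (1) of the reply above, written out as an added example (not code from ZERT, Microsoft or the U891711 author): it walks the RIFF chunks of an .ANI file, including chunks nested in LIST containers, and reports every 'anih' chunk whose declared size differs from the fixed header size. The 36-byte header size and the RIFF/ACON layout are taken from the ANI file format, not from this thread, and the two sample files are constructed, zero-filled data.

```python
import struct

ANIH_SIZE = 36  # ANIHEADER = nine 32-bit fields (ANI format fact, not stated in the thread)

def walk_chunks(buf, start, end):
    """Yield (id, declared_size, data_offset) for each RIFF chunk in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        cid, size = struct.unpack_from("<4sI", buf, pos)
        yield cid, size, pos + 8
        if cid == b"LIST" and size >= 4:
            # A LIST holds a 4-byte list type, then nested chunks.
            yield from walk_chunks(buf, pos + 12, min(pos + 8 + size, end))
        pos += 8 + size + (size & 1)  # chunk data is padded to an even length

def check_ani(buf):
    """Return findings for an .ANI image; an empty list means the checks passed."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"ACON":
        return ["not a RIFF/ACON file"]
    findings, seen = [], 0
    for cid, size, off in walk_chunks(buf, 12, len(buf)):
        if off + size > len(buf):
            findings.append(f"{cid!r} at offset {off - 8}: size {size} runs past end of file")
        if cid == b"anih":
            seen += 1
            if size != ANIH_SIZE:
                findings.append(f"anih #{seen} at offset {off - 8}: size {size}, expected {ANIH_SIZE}")
    if seen == 0:
        findings.append("no anih chunk")
    return findings

# Constructed sample data (zero-filled, not a real cursor).
def chunk(cid, data):
    return cid + struct.pack("<I", len(data)) + data + b"\0" * (len(data) & 1)

def riff_acon(*chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body

GOOD = riff_acon(chunk(b"anih", bytes(36)),
                 chunk(b"LIST", b"fram" + chunk(b"icon", bytes(7))))
BAD = riff_acon(chunk(b"anih", bytes(36)), chunk(b"anih", bytes(80)))

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ani(sample) or "ok")
```

The checker inspects every 'anih' chunk rather than stopping at the first one, which is what "any 'anih' chunk" in the reply requires.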