Microsoft Edge Try Microsoft Edge A fast and secure browser that's designed for Windows 10 Get started

Skip to main content
Microsoft
Microsoft Support
  • Office
  • Windows
  • Surface
  • Xbox
  • Deals
  • Support
      • Windows apps
      • OneDrive
      • Outlook
      • Skype
      • OneNote
      • PCs & tablets
      • Accessories
      • VR & mixed reality
      • Microsoft HoloLens
      • Xbox games
      • PC games
      • Windows digital games
      • Movies & TV
      • Books
      • Microsoft Azure
      • Microsoft Dynamics 365
      • Microsoft 365
      • Cloud platform
      • Enterprise
      • Data platform
      • .NET
      • Visual Studio
      • Windows Dev Center
      • Docs
      • Microsoft Store
      • Free downloads & security
      • Education
      • Store locations
      • Gift cards
    • View all
    0
    Sign in
    Microsoft Support

    MS13-054: Description of the security update for Windows GDI+: July 9, 2013

    Content provided by Microsoft

    Content provided by Microsoft


    View products that this article applies to.

    Introduction

    This update resolves a vulnerability that could allow remote code execution on a client system if a user opens a specially crafted document or visits a specially crafted webpage that embeds TrueType font files.

    Summary

    Microsoft has released security bulletin MS13-054. To view the complete security bulletin, go to one of the following Microsoft websites:
    • Home users:
      http://www.microsoft.com/security/pc-security/updates.aspx
      Skip the details: Download the updates for your home computer or laptop from the Microsoft Update website now:
      http://update.microsoft.com/microsoftupdate
    • IT professionals:
      http://technet.microsoft.com/security/bulletin/MS13-054

    How to obtain help and support for this security update

    Help installing updates: Support for Microsoft Update

    Security solutions for IT professionals: TechNet Security Troubleshooting and Support

    Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

    Local support according to your country: International Support

    More information about this security update

    Download information

    This update is available for download from the Microsoft Download Center:
    Windows XP Service Pack 3 (32-bit)

    Windows XP Professional Service Pack 2 (64-bit)

    Windows Server 2003 Service Pack 2 (32-bit)

    Windows Server 2003 Service Pack 2 (64-bit)

    Windows Server 2003 Service Pack 2 (IA-64)

    Windows Vista Service Pack 2 (32-bit)

    Windows Vista Service Pack 2 (64-bit)

    Windows Server 2008 Service Pack 2 (32-bit)

    Windows Server 2008 Service Pack 2 (64-bit)

    Windows Server 2008 Service Pack 2 (IA-64)

    Windows Server 2008 Service Pack 2 (Server Core) (32-bit)

    Windows Server 2008 Service Pack 2 (Server Core) (64-bit)

    Windows 7 Service Pack 1 (32-bit)

    Windows 7 Service Pack 1 (64-bit)

    Windows Server 2008 R2 Service Pack 1 (64-bit)

    Windows Server 2008 R2 Service Pack 1 (Server Core) (64-bit)

    Windows Server 2008 R2 Service Pack 1 (IA-64)


    Restart information

    You must restart the computer after you install this security update.

    Removal information

    Note We do not recommend that you remove any security update.
    For Windows XP, Windows XP Professional x64 Edition, and Windows Server 2003
    To remove this security update, use the Add or Remove Programs item in Control Panel.

    Additionally, you can use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB2834886$\Spuninst folder.
    For Windows Vista or Windows Server 2008 and later versions
    To remove an update installed by Windows Update Stand-alone Installer (Wusa.exe), use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates. Then, select from the list of updates.

    Security update replacement information

    This security update replaces MS12-034: Description of the security update for Windows GDI+: May 8, 2012 .
    File information
    The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
    Windows XP and Windows Server 2003 file information notes
    • In addition to the files that are listed in these tables, this hotfix also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

    For all supported x86-based versions of Windows XP
    File nameFile versionFile sizeDateTimePlatformSP requirementService branch
    Gdiplus.dll5.2.6002.230841,748,99210-Apr-201310:45x86NoneNot Applicable
    Gdiplus.manNot Applicable39810-Apr-201310:46Not ApplicableNoneNot Applicable
    Gdiplus.manNot Applicable60810-Apr-201310:46Not ApplicableNoneNot Applicable
    Gdiplus.dll5.2.6002.230841,748,99210-Apr-201310:45x86SP3SP3QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable39810-Apr-201310:46Not ApplicableSP3SP3QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable60810-Apr-201310:46Not ApplicableSP3SP3QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
    For all supported x86-based versions of Windows Server 2003
    File nameFile versionFile sizeDateTimePlatformSP requirementService branch
    Gdiplus.dll5.2.6002.230841,748,99213-Apr-201302:51x86SP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable39813-Apr-201302:52Not ApplicableSP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable60805-Apr-201310:03Not ApplicableSP2SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
    For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 Edition
    File nameFile versionFile sizeDateTimePlatformSP requirementService branch
    Gdiplus.dll5.2.6002.230842,193,40813-Apr-201315:35x64SP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable40013-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable61213-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
    Gdiplus.dll5.2.6002.230841,748,99213-Apr-201315:35x86SP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable39813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable60813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\POLICY\MSFT\WINDOWS\GDIPLUS
    For all supported IA-64-based versions of Windows Server 2003
    File nameFile versionFile sizeDateTimePlatformSP requirementService branch
    Gdiplus.dll5.2.6002.230844,912,12813-Apr-201315:35IA-64SP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable39913-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable61013-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS
    Gdiplus.dll5.2.6002.230841,748,99213-Apr-201315:35x86SP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable39813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\MSFT\WINDOWS\GDIPLUS
    Gdiplus.manNot Applicable60813-Apr-201315:35Not ApplicableSP2SP2QFE\ASMS\X86\10\POLICY\MSFT\WINDOWS\GDIPLUS
    Windows Vista and Windows Server 2008 file information notes
    • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.

      VersionProductMilestoneService branch
      6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
      6.0.6002.23xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
    • Service Pack 1 is integrated into the original release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
    • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
    • The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

    For all supported x86-based versions of Windows Vista and of Windows Server 2008
    File nameFile versionFile sizeDateTimePlatform
    Gdiplus.dll5.2.6002.188131,748,99203-Apr-201303:56x86
    Gdiplus.dll5.2.6002.230841,748,99203-Apr-201302:27x86
    Gdiplus.dll6.0.6002.188131,838,59203-Apr-201303:56x86
    Gdiplus.dll6.0.6002.230841,838,59203-Apr-201302:27x86
    For all supported x64-based versions of Windows Vista and of Windows Server 2008
    File nameFile versionFile sizeDateTimePlatform
    Gdiplus.dll5.2.6002.188132,192,89603-Apr-201304:15x64
    Gdiplus.dll5.2.6002.230842,193,40803-Apr-201303:40x64
    Gdiplus.dll6.0.6002.188132,424,32003-Apr-201304:15x64
    Gdiplus.dll6.0.6002.230842,424,32003-Apr-201303:40x64
    Gdiplus.dll5.2.6002.188131,748,99203-Apr-201303:56x86
    Gdiplus.dll5.2.6002.230841,748,99203-Apr-201302:27x86
    Gdiplus.dll6.0.6002.188131,838,59203-Apr-201303:56x86
    Gdiplus.dll6.0.6002.230841,838,59203-Apr-201302:27x86
    For all supported IA-64-based versions of Windows Server 2008
    File nameFile versionFile sizeDateTimePlatform
    Gdiplus.dll5.2.6002.188134,911,10403-Apr-201303:32IA-64
    Gdiplus.dll5.2.6002.230844,912,12803-Apr-201302:19IA-64
    Gdiplus.dll6.0.6002.188135,266,94403-Apr-201303:32IA-64
    Gdiplus.dll6.0.6002.230845,266,94403-Apr-201302:19IA-64
    Gdiplus.dll5.2.6002.188131,748,99203-Apr-201303:56x86
    Gdiplus.dll5.2.6002.230841,748,99203-Apr-201302:27x86
    Gdiplus.dll6.0.6002.188131,838,59203-Apr-201303:56x86
    Gdiplus.dll6.0.6002.230841,838,59203-Apr-201302:27x86
    Windows 7 and Windows Server 2008 R2 file information notes
    • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

      VersionProductMilestoneService branch
      6.1.7601.18xxxWindows 7 and Windows Server 2008 R2 SP1GDR
      6.1.7601.22xxxWindows 7 and Windows Server 2008 R2SP1LDR

    • The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

    For all supported x86-based versions of Windows 7
    File nameFile versionFile sizeDateTimePlatform
    Gdiplus.dll5.2.7601.181201,723,39203-Apr-201304:50x86
    Gdiplus.dll5.2.7601.222901,723,39203-Apr-201304:25x86
    Gdiplus.dll6.1.7601.181201,625,08803-Apr-201304:50x86
    Gdiplus.dll6.1.7601.222901,626,11203-Apr-201304:25x86
    For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
    File nameFile versionFile sizeDateTimePlatform
    Gdiplus.dll5.2.7601.181202,293,24803-Apr-201305:46x64
    Gdiplus.dll5.2.7601.222902,293,24803-Apr-201305:16x64
    Gdiplus.dll6.1.7601.181202,165,76003-Apr-201305:46x64
    Gdiplus.dll6.1.7601.222902,166,27203-Apr-201305:16x64
    Gdiplus.dll5.2.7601.181201,723,39203-Apr-201304:50x86
    Gdiplus.dll5.2.7601.222901,723,39203-Apr-201304:25x86
    Gdiplus.dll6.1.7601.181201,625,08803-Apr-201304:50x86
    Gdiplus.dll6.1.7601.222901,626,11203-Apr-201304:25x86
    For all supported IA-64-based versions of Windows Server 2008 R2
    File nameFile versionFile sizeDateTimePlatform
    Gdiplus.dll5.2.7601.181204,923,39203-Apr-201304:30IA-64
    Gdiplus.dll5.2.7601.222904,923,39203-Apr-201304:23IA-64
    Gdiplus.dll6.1.7601.181204,602,36803-Apr-201304:30IA-64
    Gdiplus.dll6.1.7601.222904,603,90403-Apr-201304:23IA-64
    Gdiplus.dll5.2.7601.181201,723,39203-Apr-201304:50x86
    Gdiplus.dll5.2.7601.222901,723,39203-Apr-201304:25x86
    Gdiplus.dll6.1.7601.181201,625,08803-Apr-201304:50x86
    Gdiplus.dll6.1.7601.222901,626,11203-Apr-201304:25x86


    Applies to

    This article applies to the following:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2 
    Last Updated: Jul 11, 2013
    • Email
    • Print
    Thanks! Your feedback will help us improve the support experience.

    What's new

    • Surface Book 2
    • Surface Pro
    • Xbox One X
    • Xbox One S
    • VR & mixed reality
    • Windows 10 apps
    • Office apps

    Store & Support

    • Account profile
    • Download Center
    • Sales & support
    • Returns
    • Order tracking
    • Store locations
    • Support
    • Buy online, pick up in store

    Education

    • Microsoft in education
    • Office for students
    • Office 365 for schools
    • Deals for students & parents
    • Microsoft Azure in education

    Enterprise

    • Microsoft Azure
    • Enterprise
    • Data platform
    • Find a solutions provider
    • Microsoft partner resources
    • Microsoft AppSource
    • Manufacturing & resources
    • Financial services

    Developer

    • Microsoft Visual Studio
    • Windows Dev Center
    • Developer Network
    • TechNet
    • Microsoft Virtual Academy
    • Microsoft developer program
    • Channel 9
    • Office Dev Center

    Company

    • Careers
    • About Microsoft
    • Company news
    • Privacy at Microsoft
    • Investors
    • Diversity and inclusion
    • Accessibility
    • Security
    English (United States)
    • Contact us
    • Terms of use
    • Privacy & cookies
    • Trademarks
    • © Microsoft 2018
    This site in other countries/regions
    Algérie - Français
    Argentina - Español
    Australia - English
    Belgique - Français
    België - Nederlands
    Bolivia - Español
    Bosna i Hercegovina - Hrvatski
    Brasil - Português
    Canada - English
    Canada - Français
    Chile - Español
    Colombia - Español
    Costa Rica - Español
    Crna Gora - Srpski
    Danmark - Dansk
    Deutschland - Deutsch
    Dominican Republic - Español
    Ecuador - Español
    Eesti - Eesti
    El Salvador - Español
    España - Español
    Estados Unidos - Español
    France - Français
    Guatemala - Español
    Hong Kong SAR - English
    Hrvatska - Hrvatski
    India - English
    Indonesia (Bahasa) - Bahasa
    Ireland - English
    Italia - Italiano
    Latvija - Latviešu
    Lietuva - Lietuvių
    Luxembourg - Français
    Magyarország - Magyar
    Malaysia - English
    Maroc - Français
    México - Español
    Nederland - Nederlands
    New Zealand - English
    Norge - Bokmål
    Panamá - Español
    Paraguay - Español
    Perú - Español
    Philippines - English
    Polska - Polski
    Portugal - Português
    Puerto Rico - Español
    România - Română
    Schweiz - Deutsch
    Singapore - English
    Slovenija - Slovenščina
    Slovensko - Slovenčina
    South Africa - English
    Srbija - Srpski
    Suisse - Français
    Suomi - Suomi
    Sverige - Svenska
    Tunisie - Français
    Türkiye - Türkçe
    United Kingdom - English
    United States - English
    Uruguay - Español
    Venezuela - Español
    Việt Nam - Tiếng việt
    Ísland - Íslenska
    Österreich - Deutsch
    Česká Republika - Čeština
    Ελλάδα - Ελληνικά
    България - Български
    Казахстан - Русский
    Россия - Русский
    Україна - Українська
    ישראל - עברית
    الإمارات العربية المتحدة - العربية
    المملكة العربية السعودية - العربية
    مصر - العربية
    भारत - हिंदी
    ไทย - ไทย
    中国 - 简体中文
    台灣 - 繁體中文
    日本 - 日本語
    香港特別行政區 - 繁體中文
    대한민국 - 한국어