An email I just received from TiVo:
Recently, a security vulnerability affecting TiVo Desktop for Windows was brought to our attention. The reported vulnerability has been fixed in version 1.3 of the application, which is now available for download.If you have TiVo Desktop for Windows installed on your PC, please go to http://www.tivo.com/desktop/ to download version 1.3 of the TiVo Desktop for Windows application as soon as possible. If you do not have TiVo Desktop for Windows installed on your PC, you do not need to take any action at this time.
Thank you for your attention to this matter and keep enjoying TiVo’s home media features!
– The TiVo Team
All TiVo Desktop for Windows Users: TiVo Security Advisory
Date Released: October 25, 2004
Affected Software
TiVo Desktop for Windows 1.0
TiVo Desktop for Windows 1.1
TiVo Desktop for Windows 1.2Description
A vulnerability with Microsoft’s gdiplus.dll file installed with TiVo Desktop for Windows has been identified. This vulnerability may allow arbitrary code execution if an infected JPG file is previewed in the TiVo Desktop for Windows application.You can find out more information about the GDI+ vulnerability (which may affect+other applications you use) here: http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Recommended Action
All TiVo Desktop for Windows users should upgrade to the latest version of TiVo Desktop for Windows, which contains an updated version of Microsoft’s gdiplus.dll file.
