14 Vulnerability ManageMent
But the problem is compounded by the fact that the GDI+ product
is an API. is means that many programmers all over the world can
use a version of the API to perform functions. e installers for these
programs, in some cases, want to be sure they have the right version of
the GDI+ API available. So, they install their own copy. us, some
computer systems could end up with several vulnerable versions of the
API in different parts of the target’s file system. To address this, every
vendor would have to identify and patch their products.
2.3 Creating Vulnerabilities: An Example
Now, let’s walk through a scenario using all of the previously men-
tioned items to understand how bad things happen to well-intentioned
progra ...