Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Detection based on totally unrelated file

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
KL Software
And, this specific program:
K-Lite Mega Codec Pack 1.x

This thread has been marked as locked.
Quotenjugendlicher Detection based on totally unrelated file
Member 21st Sep, 2011 01:04
Ranking: 0
Posts: 2
User Since: 1st Jan, 2008
System Score: N/A
Location: N/A
I already read the other thread about the K-Lite Mega Codec Pack, but it is locked unfortunately. Looking at this data it is obvious, that the detection of it is totally bogus and is actually a detection of PVS-Studio (http://www.viva64.com/en/pvs-studio/).

---START---

Program Name:
K-Lite Mega Codec Pack 1.x

Security State:
Patched

Download Link:


Instances Found:
C:\Program Files (x86)\K-Lite Codec Pack\psvince.dll, version: 1.0.0.0
C:\Program Files (x86)\PVS-Studio\psvince.dll, version: 1.0.0.0

Last System Scan (localtime):
14. Sep 2011, 20:47

Operating System:
Microsoft Windows 7,

---END---

I have no idea why they even bundle this file and since the K-Lite Codec Pack is not actually a program, but just an installer, the bundles several other tools I think it should be totally removed.

This user no longer exists RE: Detection based on totally unrelated file
Member 21st Sep, 2011 09:18
Hi,

We have ensured that the detection for PVS should no longer show up.

However, as your own results show, there is a stand-alone installation of the codec pack, which will remain in your scan results.

Hope this helps.
Was this reply relevant?
+0
-0
Quotenjugendlicher RE: Detection based on totally unrelated file
Member 21st Sep, 2011 19:56
Score: 0
Posts: 2
User Since: 1st Jan 2008
System Score: N/A
Location: N/A
First of all...I mixed up "psv" and "PVS", sorry.

Looking into this a bit more and looking at the file in question:

http://www.vincenzo.net/isxkb/index.php?title=PSVi...

And the "Description" field in the file info actually says "psvince.dll for InnoSetup Extensions". So this file might pop up in each application with an InnoSetup-based installer.

If you really need to detect K-Lite (which is quite impossible and might just be a hack to please customers IMHO) you should look at the mpc-hc.exe since clsid (the guy, who puts together the K-Lite packages) includes a version, that was modified by himself, but I think since he has no indication in the version strings, that it is modified that attempt will fail as well. Maybe the mpciconlib.dll is exclusive to this pack. But the player is optional, so...

IMO that application should just be removed from the list since it just too fragile to detect since it just bundles several other tools. A more complete support of all the libraries and tools included might be more helpful.

BTW - do you handle .ax files as DLLs? The LAV*.ax files include file informations as well.
Was this reply relevant?
+0
-0
Anthony Wells RE: Detection based on totally unrelated file
Expert Contributor 21st Sep, 2011 21:21
Score: 2434
Posts: 3,318
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Sep, 2011 21:27
Hi ,

You do not reference :ie: post the relevant url : for the closed thread you mention .

As I remember , the last time that this subject was raised , I (and I aso believe support) was/were unable to find a common file/reference for any of the various K-Lite packs on offer that would indicate the type and version loaded .

MPC-HC is not in every pack ; where it is , it is optional and when it is installed , it is displayed separately/specifically on the Scan Results page (at least in my experience).

As you point out the psvince.dll is irrelevant to the actual pack version you have loaded and whether it is an "up to date/latest" version ; it does install itself in Program Files and so the PSI probably feels obliged to pick it up and it can find a .dll . However , this is most unlikely to detect or tell you if you have a codec loaded which has a vulnerability ; that would require (as you imply) you (someone) to suggest the "relevant and detectable " file(s) to Secunia for all the varied contents . I personally do not have the time to spare to do this .

I cannot speak for Secunia re the .ax files but they will often use one file to detect a programme and , in cetain cicumstances , another file that can have it's metadata read to give the specific up to date/patched version . They usually do not put that second file in the "Detected Instance" pathway , but if the suitable data was in an .ax file theymight use it . Hopefully , support will respond tomorrow .

Take care

Anthony

PS: To ad further confusion , the PSi displays me as having the "Mega" pack even if I changesd to the "Full" pack some time ago .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability