Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: PSI Not detecting Irfanview plugins as separate component
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
All Threads
| howiem9999 | PSI Not detecting Irfanview plugins as separate component |
|---|---|
 |
7th Apr, 2009 22:20 |
|
Ranking: 2 Posts: 31 User Since: 8th Dec, 2008 System Score: 100% Location: TH |
Re: [SA34525] IrfanView Formats Plug-in XPM Integer Overflow Vulnerability PSI scanner does not detect the Irfanview Plugin, only the main program. The advisory indicates that there should be a plugins version 4.23 , but the plugins version is still 4.22 at the product "View" link. If IrfanView plugins version 4.23 has been released, I'd like to get the link to it. -- howiem |
| Maurice Joyce | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
7th Apr, 2009 23:18 | ||||||||
| Score: 10539 Posts: 8,115 User Since: 4th Jan 2009 System Score: 100% Location: UK |
Here U go http://fileforum.betanews.com/detail/IrfanView/967... -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
||||||||
|
|||||||||
| howiem9999 | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
|
8th Apr, 2009 00:37 | ||||||||
| Score: 2 Posts: 31 User Since: 8th Dec 2008 System Score: 100% Location: TH |
Maurice, That link is to the main program Irfanview 4.23. The plugins is a separate download and install. The link to the plugins on the page you gave me is to version 4.22, not 4.23. -- howiem |
||||||||
|
|||||||||
| Maurice Joyce | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
|
8th Apr, 2009 00:51 | ||||||||
| Score: 10539 Posts: 8,115 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 8th Apr, 2009 00:52 |
Whoops - try this http://irfanview.com/plugins.htm I think U will see a 4.23 & 4.24 at the bottom of the page. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
||||||||
|
|||||||||
| howiem9999 | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
|
8th Apr, 2009 01:17 | ||||||||
| Score: 2 Posts: 31 User Since: 8th Dec 2008 System Score: 100% Location: TH |
Not really. Those are only components of the plugins module, and there is a note on that page that says they were incorporated into version 4.22 of the plugins. My guess is that the plugins module 4.23 has not been posted yet. I also note that the PSI scanner does not detect the plugins, because there is no program in it called plugins.exe, rather it has a couple of specific .exe files and the rest of the plugins are .dlls or non-executables. The only two .exe files in the plugins download are : IV_Player.exe v. 3.35 Slideshow.exe v. 4.22 (but this one comes with the main program) So I don't know which file can be used to detect the current version. -- howiem |
||||||||
|
|||||||||
| Maurice Joyce | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
|
8th Apr, 2009 09:45 | ||||||||
| Score: 10539 Posts: 8,115 User Since: 4th Jan 2009 System Score: 100% Location: UK |
I suspect U are absolutely correct. I do not use the programme but had a good look around for for anything 4.23 in trying to help - most of what are saw pointed back to 4.22 -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 SP1 16GB RAM |
||||||||
|
|||||||||
| howiem9999 | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
|
8th Apr, 2009 17:07 | ||||||||
| Score: 2 Posts: 31 User Since: 8th Dec 2008 System Score: 100% Location: TH |
I suspect you use the version number in the properties dialog box, so unless you can get the vendor to use some kind of plugins.exe file in the plugins folder, it looks like this will remain a problem. -- howiem |
||||||||
|
|||||||||
| Alan_Baxter | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
|
11th Apr, 2009 18:44 | ||||||||
| Score: 0 Posts: 61 User Since: 1st Mar 2009 System Score: N/A Location: US Last edited on 11th Apr, 2009 19:12 |
Plugins module 4.23 has finally been posted. It includes version 4.23 of formats.dll, the patched version referenced in the Secunia advisory. I've installed it and verified the version number. http://irfanview.com/plugins.htm BTW, thank you for the heads-up, howiem9999. I wouldn't have known about this vulnerability if you hadn't posted. I'll make a request to Secunia to include the IrfanView plugin DLLs in its scan. |
||||||||
|
|||||||||
| howiem9999 | RE: PSI Not detecting Irfanview plugins as separate component | ||||||||
|
|
11th Apr, 2009 23:16 | ||||||||
| Score: 2 Posts: 31 User Since: 8th Dec 2008 System Score: 100% Location: TH |
Alan, I did get that update yesterday. I've run into other programs that have similar updating complexities (or where the vendor forgets to update the properties). Fortunately so far they have not yet become security issues. And as long as kudos seem to be in order, I very much appreciate the work you guys do to make computer security a "less tangled web". -- howiem |
||||||||
|
|||||||||
