Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Conflicting reports from two copies of PSI about MS Access 2003, ...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
RichardPrice Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 4th Dec, 2009 19:03
Ranking: 1
Posts: 13
User Since: 27th Nov, 2008
System Score: N/A
Location: N/A
I've read several previous threads about problems with Microsoft Access being incorrectly reported as insecure, without finding a solution. What may be different in my case is that I'm running two copies of PSI on the same computer (one in 32-bit Vista, the other in 64-bit Windows 7 on two separate hard drives in a dual boot system), and they disagree with each other!

I've installed MS Office 2003 and fully patched it (according to Windows Update) in each operating system. The following files appear to be identical in both (only the path includes "Program Files (x86)" in Win7):

C:\Program Files\MSACCESS.EXE file version 11.0.8166.0
C:\Program Files\INFOPATH.EXE file version 11.0.8165.0
C:\Program Files\Common Files\microsoft shared\OFFICE11\MSO.DLL 11.0.8221.0

In each OS, the Help About for Access reports the version as 11.8166.8221 and for InfoPath as 11.8165.8221.

In Vista, PSI v1.5.0.0 reports all four programs (i.e. the two installed versions of Access and of InfoPath) correctly as fully patched, version 11.0.8221.0. In Windows 7, PSI v1.5.0.1 agrees as far as the copies on my Vista drive are concerned, but for the copies on the Windows 7 drive it reports Access as version 11.0.8166.0 and InfoPath as version 11.0.8165.0, and both as insecure!

I've included MSO.DLL above because KB953404 (mentioned in some of the other threads) leads to MS08-055 which claims to update only that file, to the version that I already have.

Is this a more subtle problem with MS Office, or an issue with PSI under 64-bit Windows 7, or just a problem with PSI v1.5.0.1 ?

Incidentally, I've rebooted each OS more than once, and rescanned several times in Windows 7.

Richard Price

undelay RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 6th Dec, 2009 13:27
Score: 0
Posts: 25
User Since: 26th Nov 2009
System Score: N/A
Location: N/A
Before calling this any kind of error on the part of PSI or Microsoft, I suppose the pertinent thing to ask is:

Did you install Office within each operating system, or did you install Office in the same place for both? By this, I mean the same exact path, such as c:\Program Files (x32)\Microsoft Office? If so, this could be the cause of your error and I would recommend installing Office within and fully contained within the partition it is operating and being called from. To put it more simply, install it in both OSes, and make sure you do one in (for example) C: and the other in D:.

If this is not the problem, it is possible that the scan by PSI could be in error. If you find this to be a possible cause, after excluding every other possibility, I would advise you send an email to vuln@secunia.com and include screen captures (or a link to them, which would probably be better) along with the relevant details.

Best wishes in your search for the answer.
Was this reply relevant?
+0
-0
RichardPrice RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 6th Dec, 2009 17:19
Score: 1
Posts: 13
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
Last edited on 6th Dec, 2009 17:21
undelay - thanks for your comments. To answer your question: I did install Office separately and totally within the system drive of each operating system - there are no components overlapping as far as I know.

I didn't want to complicate my previous post with the various drive letters, but perhaps it is worth explaining - it does get slightly confusing because Vista and Win7 are both clever enough to rearrange drive letters so that their system drive is named C:, regardless of the hardware 'order', so the drive letters change around when I switch operating systems.

So, when I'm running Vista, PSI v1.5.0.0 sees:

(1) Office installed on its own (Vista) system drive in C:\Program Files
(2) Office installed on the Windows 7 drive in E:\Program Files (x86)

and pronounces them both good. When I'm running Windows 7, PSI v1.5.0.1 sees:

(3) Office installed on its own (Windows 7) system drive in C:\Program Files (x86) (this is the one in line (2) above)
(4) Office installed on the Vista drive in D:\Program Files (this is the one in line (1) above)

and pronounces (4) as good but (3) as out of date.

I hope that makes sense, and that it it is what you meant by "fully contained within the partition it is operating and being called from".

Richard
Was this reply relevant?
+0
-0
undelay RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 6th Dec, 2009 17:50
Score: 0
Posts: 25
User Since: 26th Nov 2009
System Score: N/A
Location: N/A
And that is partially why I had asked - this can be especially confusing if the user is not aware that Windows, in fact, does this. Being this way, it could potentially create a problem when installing the same program in different partitions, and some users might opt to install the program into the same destination trying to save on the disc space cost.

Anyhow, I'm glad you are aware of this, and can note the difference ... and I'm a bit perplexed by this problem. I can't really think of anything else that could cause this, other than some Dynamic Link Library attached, yet I doubt PSI loads any dependencies to verify. As such, I would assume (which I think is safe) that this would be a version number check, which you seem to have done.

If I were you, it may be worthwhile to wait for Maurice to see this post, he seems to have a bit more knowledge on this topic than I do - I do not use Office 2007. I do seem to recall a post Maurice made referring to registry values that relate to the version numbers - there could be an error there somewhere?

I'm going to ask one other question that might have some relevance here:

Have you used any utilities on one OS but not the other? For example, CCleaner, Spybot S&D, or others? Anything that might have scanned the registry and made "suggested" changes in one OS and not the other could - remote possibility, I know - be a cause of this problem.

It may be worthwhile to verify that the third party tools installed in one OS are in the other also. I realise it is hard to make sure you do everything in both, since they can't run simultaniously. Thus, using checklists (which I hate) might be useful in this particular instance.

Other than that, I'm out of ideas. Best of luck to you on finding the cause of this and preventing it in the future.
Was this reply relevant?
+0
-0
RichardPrice RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 6th Dec, 2009 20:07
Score: 1
Posts: 13
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
@undelay: "I can't really think of anything else that could cause this, other than some Dynamic Link Library attached, yet I doubt PSI loads any dependencies to verify. As such, I would assume (which I think is safe) that this would be a version number check, which you seem to have done."

Actually, I think it must be looking beyond the .exe file - as mentioned in my first post, MSACCESS.EXE has a file version of 11.0.8166.0 and a product version of 11.0.8166 (in file properties under Details), but for all the cases where PSI reports Access 2003 as up to date it (PSI) reports a version number of 11.0.8221.0. It must be getting the 8221 from somewhere else, like for example MSO.DLL which has a version number of 11.0.8221.0. Within Access itself the Help About gives a hybrid version number of 11.8166.8221. MSO.DLL itself seems to be identical in the two installations, but perhaps there's another DLL which is being taken by PSI v1.5.0.1 as defining the version number.

@undelay: "Have you used any utilities on one OS but not the other? For example, CCleaner, Spybot S&D, or others?"

I haven't used anything like that on Windows 7, where the problem is occurring - it's a fresh installation that I've hardly used yet. My Vista installation is a bit older, and I have tried a couple of registry cleaner utilities advertised as free in the Windows Secrets newsletter. I think in each case I found that they would only report on registry issues for free and that I would have to subscribe to get any actual cleaning done, at which point I gave up and uninstalled them (so I don't remember which ones they were!), but I might be wrong, and they could have done some limited cleaning. But since the Vista installation of Office 2003 is getting a clean bill of health from both copies of PSI, I'm not sure whether that's relevant.

@undelay: "If I were you, it may be worthwhile to wait for Maurice to see this post"

I was certainly planning to do that.

Thanks again for your comments.

Richard
Was this reply relevant?
+0
-0
Anthony Wells RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Expert Contributor 6th Dec, 2009 20:24
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Just a thought while you wait , if you use the "open folder" link in the toolbox in each of your 4 instances do you go to/see exactly the same thing in the explorer directory and folder files ??

You probably did this ... :)

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
undelay RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 6th Dec, 2009 20:28
Score: 0
Posts: 25
User Since: 26th Nov 2009
System Score: N/A
Location: N/A
Anthony is good too :)

And I missed that this is Office 2003, which I have, but not Access. Apologies for skimming and not reading.
Was this reply relevant?
+0
-0
undelay RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 7th Dec, 2009 03:23
Score: 0
Posts: 25
User Since: 26th Nov 2009
System Score: N/A
Location: N/A
Here is the thread I'm referring to, although it doesn't really give much information. I'm not sure where in the registry the info is, but if you want to go looking (look but don't touch style), run "regedit" and do a search for MSACCESS.EXE

Thread: http://secunia.com/community/forum/thread/show/311...
Was this reply relevant?
+0
-0
This user no longer exists RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 7th Dec, 2009 19:41
Hi Richard.
In the windows 7 compatibility list you must have MSOffice 2003 slipstreamed with SP3 .
To find more about that go ,visit this site:
http://www.sevenforums.com/tutorials/316-compatibi...
Wish you solve your problem .
John.
win-XpPro-SP3+Office2033-Pro-SP3+IE8
Was this reply relevant?
+0
-0
RichardPrice RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 7th Dec, 2009 19:46
Score: 1
Posts: 13
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
@Anthony Wells: 'if you use the "open folder" link in the toolbox in each of your 4 instances do you go to/see exactly the same thing in the explorer directory and folder files ?'

Er... unless I'm missing something, that's quite difficult to answer. In all 4 cases the OFFICE11 folder contains 209 items, of which 22 are sub-folders, with an overall total of 1078 files in 43 folders. As previously mentioned, the size, date(1) and version number in file Properties are in agreement for MSACCESS.EXE, INFOPATH.EXE and MSO.DLL, but I don't see an easy way to check that for all 1078 files.

I have done a directory listing (of the OFFICE11 folder only) in a DOS window for each case, saved to a text file, then a DOS file compare. Unsurprisingly, each installation looks the same whichever OS I list it from. Comparing the two installations this way doesn't work because of the time zone issue(1).

However, there is one indication of a difference: the total file size of the OFFICE11 folder is 300,378,663 bytes in the Vista case and 300,249,151 bytes in Windows 7 (and I do mean size, not 'size on disk' which could obviously vary due to different cluster sizes, although in fact the two drives are identical AFAIK). Now how do I track down which file(s) are responsible for this 0.04% difference?!

(1) Except for some reason all the file modified times are exactly one hour later in the Windows 7 installation than in the Vista installation - presumably some sort of daylight saving time issue?

Richard
Was this reply relevant?
+0
-0
RichardPrice RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 7th Dec, 2009 19:52
Score: 1
Posts: 13
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
undelay - thanks for the link, and it does look like a similar issue in that thread. As already mentioned, my .exe files do have identical version numbers; when I searched the registry for msaccess.exe I found dozens of references but none of them was obviously a version number.

Richard
Was this reply relevant?
+0
-0
RichardPrice RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 7th Dec, 2009 20:12
Score: 1
Posts: 13
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
jeangeorges - are you sure Office 2003 needs XP SP3 compatibility mode set explicitly? It seems to run OK without it. Nevertheless, I did try setting that mode for MSACCESS.EXE in Windows 7, then rescanned it with PSI, but it made no difference (still a Category 4 threat).

Richard
Was this reply relevant?
+0
-0
Anthony Wells RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Expert Contributor 7th Dec, 2009 20:16
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 7th Dec, 2009 20:32
Richard ,

Secunia/PSI detection rules are not always based on the obvious files when checking version numbers .

I was wondering if the toolbox link showed the same highlighted files or merely opened a general folder .

If finding the possibly offending file and/or the reason for the folder size discrepancy is too complex ; then with an email request to support@secunia.com , they might be able to tell you where their rules "look" and where you should look to check .

There was a recent MS update - high priority but not security - concerning time setting for XP **.

Belarc will tell you if it considers all updates are set .

Maybe something here to hrlp you .

Anthony

PS: EDIT : Seems to apply to other OS , see here :-

http://support.microsoft.com/kb/976098

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
This user no longer exists RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 7th Dec, 2009 20:16
Richard.
If you visit microsoft compatibility site for Win7 you si for yourself what is recommanded for programs to run with the new MS platform.
Wish you the best.
John.
Was this reply relevant?
+0
-0
RichardPrice RE: Conflicting reports from two copies of PSI about MS Access 2003, InfoPath 2003
Member 11th Dec, 2009 16:54
Score: 1
Posts: 13
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
I'm glad to report that the original problem is resolved now, presumably due to my accepting the Security Update for Microsoft Office 2003 (KB975051) offered by Windows Update a couple of days ago, in both OS's. Interestingly, both Access 2003 and InfoPath 2003 are still reported by PSI v1.5.0.0 in 32-bit Vista as version 11.0.8221.0, as they already were; the only difference is that now PSI v1.5.0.1 in 64-bit Windows 7 agrees with that.

Richard
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability