navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Acces...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
Jonny109 Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Member 7th Apr, 2010 21:10
Ranking: 0
Posts: 4
User Since: 7th Apr, 2010
System Score: 100%
Location: UK
Hi all,

I am tried to remove the PowerPoint Viewer 2007 but I cant seem to find any way. Can anybody help?

Also I am trying to remove the Microsoft Data Access Components (MDAC) 2.x but gain I cant seem to find any way? Can anybody help?

these have been found to be a vulnerability by Secunia PSI

Thanks
Jonny

Post "RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x" has been selected as an answer.
Maurice Joyce RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Handling Contributor 7th Apr, 2010 21:29
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Jonny,
It is a bit difficult to give accurate advice until we know the OS U are using a the paths to the vulnerabilities.

FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next.

Revision 1



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
Jonny109 RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Member 8th Apr, 2010 15:36
Score: 0
Posts: 4
User Since: 7th Apr 2010
System Score: 100%
Location: UK
Hi,
Maurice Joyce

For the Microsoft Office PowerPoint Viewer 2007 vulnerability. This is on all three of our computers. They all have Microsoft Office Home and student 2007.
He is the technical details ( These are the same on all 3 PC's):

Version Detected:
12.0.6414.1000

Installation Path:
C:\Program Files\Microsoft Office\Office12\PPTVIEW.EXE

For the Microsoft Data Access Components (MDAC) 2.x vulnerability. This is on only one computer the Dell. He is the technical details:

Version Detected:
2.81.1117.0

Installation Path:
C:\i386\msadox.dll

__________________________________________________ ____________

Computer 1

Dell Dimension 9200
Operating System: Microsoft Windows XP Media Center Edition Service Pack 3
32-bit operating system

Computer 2

Tiny Computers
Operating system: Microsoft Windows XP Home edition Service Pack 3
32-bit operating system

Computer3

Toshiba Laptop- Equium A100- 027
Operating system: Microsoft Widows Vista Home Premium
32-bit Operating system

__________________________________________________ ____________

I hope this helps

Thanks
Jonny






Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Handling Contributor 8th Apr, 2010 16:27
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Jonny,
Thank U. We will do this in two stages because the info is fairly lengthy.

Firstly, the i386 folder has no exposure and can be ignored. Perhaps this summary will help U to set up your 3 PC's to prevent this type of false alarm in the future.

SETTING UP PSI IN THE ADVANCED MODE
+++++++++++++++++++++++++++++++++++

1. Open PSI by clicking the System tray icon or right click the icon & select Reload Interface.

2.Select the OVERVIEW tab.

3. In the top right corner U will see INTERFACE MODE - SIMPLE/ADVANCED. To be in the advanced mode the word SIMPLE should be blue and advanced black.

4. If advanced is blue click it. A message about advanced users may appear - ignore it - using the advanced mode is easy.

SETTING UP PSI FOR MAXIMUM ASSISTANCE
+++++++++++++++++++++++++++++++++++++

1. Click on the SETTINGS tab.

2. The top box should be empty & the two remaining boxes ticked.

3. Right at the bottom is a facility to create a Global Ignore Rule. By default PSI will scan & publish the results of all the hard drives on a PC. OEM partition (reinstallation) drives (normally drive D),second internal or external drives SOLELY used to backup your work & C:\Windows\i386 which can be ignored as they have no exposure. To save confusion in the future U may consider it a good idea to create some Global rules now.

4. A separate Ignore Rule is required for each drive which can be set up as follows:

a.Click on CREATE IGNORE RULE

b.In the RULE NAME BOX insert something like MY BACKUP DRIVE (MY PARTITION DRIVE)

c.In the RULE BOX type D:\(or the drive letter U wish to ignore - For folder i386 use C:\Windows\i386).

d.Click SAVE IGNORE RULE>CLOSE

All drives will continue to be scanned by default but the result from the ignored list will not be published.

This thread may also be of help in understanding the advanced mode:
http://secunia.com/community/forum/thread/show/375...

Revision 3




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
Maurice Joyce RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Handling Contributor 8th Apr, 2010 16:29
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Jonny,
This will clear up Powerpoint.

POWER POINT VIEWER EMBEDDED IN MICROSOFT OFFICE 2007
================================================== =

The only reason the Office suite has the PPTVIEW file embedded is to facilitate the option to use it when the PUBLISH & PACKAGE TO CD command is evoked.

Office Suite users have 2 options:
1. Rename the insecure file - details are at 1. below. This will remove the insecurity.

2. If U are a regular user of the PUBLISH & PACKAGE TO CD command carry out a self help work around.

WORK AROUND.
I apologise for the length of the work around. Hopefully it will result in the most novice user being able to update their expensive Office Suite to full unlimited functionality.

1.Click START>select RUN>copy & paste this into the box (if using Vista or Windows 7 type it in the search box) - C:\Program Files\Microsoft Office\Office12 - now click OK.
2. From the window that opens scroll down & look for a file called PPTVIEW.EXE - Right click on it & RENAME it PPTVIEW.EXE_OLD
3. Close all open windows.

The insecurity reported by PSI has been removed.
================================================

INSTALLING THE UPDATED FILE.(ONLY REQUIRED IF U USE THE PUBLISH & PACKAGE TO CD COMMAND)

1.Download this file and SAVE to DESKTOP - http://www.microsoft.com/downloads/details.aspx?fa...
2.For best results you need to download & install this programme: http://www.filehippo.com/download_7-zip/
3. Once 7Zip is installed right click on the Microsoft downloaded file on the desktop>scroll down to 7Zip and select OPEN ARCHIVE
4. A window will open - Look for this file (0) 1013280 right click on it>scroll down to 7Zip and select OPEN INSIDE - now look for a file pptview.msp - scroll down to 7Zip and select OPEN INSIDE - now look for a file PATCH_CAB near the bottom of the page.
6. Right click on PATCH_CAB>scroll down to 7Zip and select OPEN - a separate window will open showing the file PPTVIEW_0001 - this is the file U want to patch your Office set up.
7. Right click on file PPTVIEW_0001 - select COPY TO - a box will appear - copy & paste this into the "Copy To" box - C:\Program Files\Microsoft Office\Office12\ then click OK (Nothing appears to happen but keep the faith)
8. Close all open windows.

COMPLETING THE UPDATE.

1.Click START>select RUN>copy & paste this into the box (if using Vista or Windows 7 type it in the search box) - C:\Program Files\Microsoft Office\Office12
2.Scroll & look for 2 files:
PPTVIEW.EXE_0001
PPTVIEW.EXE_OLD
3.Right Click on the PPTVIEW.EXE_0001 file>select RENAME & rename it PPTVIEW.EXE (The icon will change to reflect it is a Microsoft active file)
4.Right Click on PPTVIEW.EXE_OLD and select DELETE.

Your Microsoft Office 2007 is now secure & fully functional.

U can now remove the Microsoft downloaded file from the desktop & uninstall 7Zip via Add/Remove if no longer required.

Version 4


This solution was produced by @Spectralkinesis - it achieves the same result as my post above.

I came up with a simple fix for this problem - just install the application.

THE PROBLEM: Secunia was reporting PPTVIEW.EXE as insecure. It was mind boggling, as I had never installed Powerpoint Viewer 2007 - only the full version of Office 2007 Professional.

The problem here is that Powerpoint Viewer 2007 is not actually installed on the local machine. Therefore Microsoft Update can't detect any available patches for PPTVIEW.EXE since it isn't installed, with all of the necessary registry entries and extra files to be patched up.

The reason the Office suite has the PPTVIEW.EXE included in the %Program Files%\Microsoft Office\Office12\ directory is so PPTVIEW.EXE can be embedded when the PUBLISH & PACKAGE TO CD command is invoked.

THE FIX:

1.) Download Microsoft Office PowerPoint Viewer 2007: http://www.microsoft.com/downloads/details.aspx?Fa...

2.) Install Microsoft Office PowerPoint Viewer 2007.

3.) Run Windows Update - the first time I ran it there were 4 Security updates to be installed.

3.) Run Windows Update again - there were an additional 4 Security updates to be installed.

4.) Rerun Secunia - the application may now be detected as the latest version.

The first time I did this, Secunia did not detect PPTVIEW.EXE as the latest version, even when I manually verified the pptview.exe version myself. The version number shows 12.0.6502.5000, but Secunia wasn't that quick on the uptake.

What I did to fix this:

1.) Rename PPTVIEW.EXE to PPTVIEW.EXE.BAK.

2.) Secunia detected the filename change and reported the application as uninstalled.

3.) Rename PPTVIEW.EXE.BAK to PPTVIEW.EXE

4.) Secunia then detected the presence of PPTVIEW.EXE and picked up the new, latest and greatest, not insecure version number.

Cliffs:
Download & Install Microsoft Office PowerPoint Viewer 2007
Run Windows Update until there are no more updates to install.
Maybe you'll have to rename the offending .exe twice.
...

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.










--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
TiMow RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Dedicated Contributor 8th Apr, 2010 16:47
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Jonny,

I also had a problem (last year) with MDAC.

The solution of @ Maurice Joyce is what you need to do, (re. C:\i386\), but if you see the following at the bottom of the PSI page;

"Secunia PSI Status: Suggested Ignore Rules: 1"

all you need to do is to click on the blue "1" and the rule is automatically created for you, as already described by Maurice, but without you needing to manually set it up.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Jonny109 RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Member 8th Apr, 2010 21:04
Score: 0
Posts: 4
User Since: 7th Apr 2010
System Score: 100%
Location: UK
Thank you,

TiMow and Maurice Joyce for your help and you very fast response.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft Office PowerPoint Viewer 2007 and Microsoft Data Access Components (MDAC) 2.x
Handling Contributor 8th Apr, 2010 21:49
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Jonny,
If U have fixed all your problems can U please lock the thread.

This will prevent U & I getting anymore totally unnecessary emails or add ons. Thank you.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+