
Forum Thread: Winzip 10.0 Build 7245 incorrectly detected as high threat

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
WinZip
And, this specific program:
WinZip 10.x

This thread has been marked as locked.
bigbadsteve Winzip 10.0 Build 7245 incorrectly detected as high threat
Member 22nd Nov, 2010 15:30
Ranking: 0
Posts: 6
User Since: 11th Jul, 2009
System Score: N/A
Location: N/A
I have Winzip 10.0 Build 7245 installed. PSI v1.5.0.2 displays it on its End-Of-Life Programs tab, which is fair enough. However, the Version Detected is displayed there as "10.[with no zero] (7245)", and incorrectly listed as a Category 4 Security Threat. Clicking on the Threat rating graph displays a Secunia advisory indicating that Winzip 10.0 versions prior to Build 7245 have vulnerabilities, and "Solution: Update to version 10.0 Build 7245". Clearly the version/build is being incorrectly detected and Winzip 10.0 Build 7245 should not have a threat rating displayed.

Anthony Wells RE: Winzip 10.0 Build 7245 incorrectly detected as high threat
Expert Contributor 22nd Nov, 2010 17:32
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi,

I think it is just a matter of interpretation. If 10.x is "EOL" then it is no longer supported by the vendor; that is the PSI message. Version numbers can sometimes be written/read differently according to the version data provided in the file Secunia is using to set the version detection rules; this file may be different to the file used to actually detect the programme. Open Office shows such differences between the PSI detected version and what shows in the programme's "about".

The "threat" rating has always been confusing and annoying (in my opinion) and is no longer present in the PSI Beta versions. Mousing over the (?) does indeed explain that this rating is what would be shown if you had not updated to your latest version and refers to the Advisory and the patch you made by updating to your current version.

So your version is as up to date as you can make it, but you will not know as of now in the future whether there are vulnerabilities which affect your version.

How you deal with that has to be your choice.

Hope that helps.

Anthony

--


It always seems impossible until it's done.
Nelson Mandela