navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Insecure, End of life Power Point Viewer 2003

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Office PowerPoint Viewer 2003

This thread has been marked as locked.
Semiah Insecure, End of life Power Point Viewer 2003
Member 2nd Dec, 2010 21:22
Ranking: 0
Posts: 14
User Since: 4th Aug, 2009
System Score: N/A
Location: N/A
Last edited on 2nd Dec, 2010 21:24

I've searched the Forum but just haven't found the solution to this: Secunia reports that C:\ Programs Files\Dell\MediaDirect\Kernal|Office\PPTView\PTVIE W.EXE is insecure; end of life. I have Open Office installed not Microsoft office. I don't know if I need this file or if it can be safely deleted. Seems this is a serious security threat. Add/Remove shows a MediaDirect program installed on my Dell Inspiron 1520.

Help is greatly appreciated.( I called Dell and they'd like to sell me their software including new PPViewer for $$$.)

I downloaded Power Point 2007 from MS. it did not patch or overwrite the insecure file.

Many thanks.

Maurice Joyce RE: Insecure, End of life Power Point Viewer 2003
Handling Contributor 2nd Dec, 2010 22:08
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 2nd Dec, 2010 23:44
It will not because Dell have embedded the viewer into their programme. Dell are responsible for updating it.

Navigate to that file using the OPEN FOLDER option in PSI or via Windows Explorer & rename it:

C:\ Programs Files\Dell\MediaDirect\Kernal|Office\PPTView\PTVIE W.EXE_OLD

Complete a full PSI rescan & U should be OK.

In the main the programme should still work. By default Dell are telling U it is End of Life hence they want U to buy the upgrade.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
TiMow RE: Insecure, End of life Power Point Viewer 2003
Dedicated Contributor 3rd Dec, 2010 08:27
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 3rd Dec, 2010 10:34
When this same issue arose for me, last week, I carried out this action, (as described by Maurice, above), which solved the problem.

As I don't use either MediaDirect or PPV, I wasn't aware of what requirement MediaDirect places on PPV, and what effect it's removal from the operation process (by renaming), would have.

As a possible remedy, I copied PPV 2007 from within the normal, default file folder:

C:\Program Files\Microsoft Office\Office12

which is present on my XP, even though I also use OOo. and don't have the paid M$ Office.

I then pasted the copied file onto an empty area, on r.h.s. of the Dell MD Office folder:

C:\Program Files\Dell\MediaDirect\Kernel\Office\PPTView

However, when I tried a test by opening the newly pasted file, I got an error pop-up, as follows

---------------------------
PPTVIEW.EXE - Unable To Locate Component
---------------------------
This application has failed to start because MSVCR80.dll was not found. Re-installing the application may fix this problem.
---------------------------
OK
---------------------------


Conversely, the old, renamed file would open as normal (from MediaDirect folder).

It appears that this attempted workaround has not worked, but as previously mentioned, this isn't a problem, due to my non-use of either.

I was just curious if Maurice or anyone knew, why the old file seems to function, but the new one, not, as MSVCR.80.dll doesn't appear to be a component of the old PPV, or anywhere else within the Dell MD folder in question.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
Maurice Joyce RE: Insecure, End of life Power Point Viewer 2003
Handling Contributor 3rd Dec, 2010 11:11
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
There are only three ways to really clear this vulnerability.

1. Uninstall Direct Media.
2. Upgrade it on repayment from the Dell site.
3. Ignore it & run the risk having first been advised by Dell. I suspect the Direct Media version is vulnerable in that Dell have tried to sell a newer one.

I do not have direct access to a Dell PC with Media Direct still installed to fully test it.

As far as I can recall the PPV carries out the same function as PPV embedded in PowerPoint Professional which is explained elsewhere on the Forum therefore the work around should stop the vulnerability but will not stop it functioning - the file recreates itself.

I can see why a manual update to a later version of PPV will not work. MSVCR80.dll is not stored centrally but in SxS to prevent dll hell & MD cannot find it in that folder. Moving MSVCR80.dll from SxS to Media Direct is not a reliable option in that U could well cause DLL HELL.

From a personal viewpoint I have worked on & like Dell PC's but just be a little careful & only update embedded elements & drivers via the vendor site UNLESS U find an alternative that clearly states SUITABLE for Dell.

This, to some extent, is not helped by the fact that trying to update the standalone PPV 2003 with PPV 2007 in the hope that one will overwrite the other is a total non runner. MS Office,and standalone elements, do not work like that.

Hope this helps.





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
TiMow RE: Insecure, End of life Power Point Viewer 2003
Dedicated Contributor 3rd Dec, 2010 14:23
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
@Semiah - sorry to come in on your thread, but I thought it might be of interest to all with similar a problem with PPV and Dell MD.

@Maurice Joyce - thanks, Maurice, for the reply to my query. Just to clarify - I don't have a vuln. problem with PPV in MediaDirect - I'd already renamed the offending file - so your three options at the head of your reply are non-applicable to me.
[I thought I had the latest version, 4.7, anyway; and it's not listed by PSI, so current vuln. status is unknown].

I remember, either, doing personally, or reading about it (I can't recall which, or with what, unfortunately), that, when there was an insecurity with third party software embedded in another program, that renaming/deleting this insecurity and copying the current version to the program was a possible workaround.

In this case, it seems not to have worked, and as you've suggested, that trying to get the PPV 2007 to correctly function, may cause further problems, I'll leave as was. I'm happy with the current status quo.

As I'm not a great user of this type of program (seldom need to play media), I'll probably never find out if there's a deficiency in functionality of MD, because of PPV being taken out of the loop.

FWIW, when I do play media, I tend to use Media Centre anyway (also not listed by PSI).

Thanks

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
Semiah RE: Insecure, End of life Power Point Viewer 2003
Member 3rd Dec, 2010 23:28
Score: 0
Posts: 14
User Since: 4th Aug 2009
System Score: N/A
Location: N/A
Maurice,

I'm afraid this has gone way over my ability. I went to the OPEN FOLDER option in PSI: it took me to a long list of folders and an off set folder labeled PPTView. It displays 5 DLLs and PPTView . I don't know how to get to the file Secunia notes - C:\Programs Files\ Dell\ etc.etc.

Sorry to take up your time with this. I do think Secunia is great and the Forum is a wonderful resource.

Was this reply relevant?
+0
-0
Semiah RE: Insecure, End of life Power Point Viewer 2003
Member 4th Dec, 2010 00:07
Score: 0
Posts: 14
User Since: 4th Aug 2009
System Score: N/A
Location: N/A
Maurice,

I tried to find the folder with Windows Explorer and found 7 folders on C: so not sure which is the correct one to rename.

Thanks to you and everyone for the input. I learn a bit more each time I log on.

Semiah

PS
It appears that Add/Remove cannot remove Power Point 2007 ; there is no "remove" option.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Insecure, End of life Power Point Viewer 2003
Handling Contributor 4th Dec, 2010 02:17
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Are U using XP SP3? Once confirmed I will try to give U more info on how to find it.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
TiMow RE: Insecure, End of life Power Point Viewer 2003
Dedicated Contributor 4th Dec, 2010 10:14
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 4th Dec, 2010 10:36
@Semiah

I have MediaDirect, on a Dell laptop, using Windows XP (SP3). I had this problem, last week, and solved it with the following method. I will try to give simple step-by-step instructions.

1) In PSI End-of-Life tab, click [+] on l.h.s. of PowerPoint Viewer;
2) click "Open Folder";
3) on the new Windows Explorer window that has opened, folder PPTView should be highlighted in blue, on l.h.s.;
4) on r.h.s. of window, is a list of named icons - for me, there are 6:- 5 have green/yellow gear wheels (the ".dll's" that you wrote of above), and one (3rd down for me), is a light brown framed square, with a circle within (plus small rectangles), and a small light blue square super-imposed in bottom right corner. This is named - PPTVIEW;
5) this is what you need to rename;
6) hover curser over this icon and right click, then select "Rename" near bottom of choices;
7) "PPTVIEW" will now be boxed and highlighted;
8) on your keyboard, press the right arrow key - this will remove the blue highlight, and move the cursor to the right end;
9) now type (after "PPTVIEW") " _old ", and press enter ("_" is shift+dash);
10) re-scan PSI.

This should now have removed the E-o-L listing of PowerPoint Viewer (within MediaDirect).

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

MaritimeRider

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.
MaritimeRider RE: Insecure, End of life Power Point Viewer 2003
Member 5th Dec, 2010 01:13
Score: 22
Posts: 174
User Since: 15th Mar 2009
System Score: 100%
Location: CA
Maurice: I normally do not have an issue with end of life programs so this one was such an annoyance and time consuming. Liked your steps but they did not work for me. I would have added another step but someone would have censored me.:) As a final solution I put it in the ignore list. Another reason for doing this was the file would not open once I found the name . Pop up stated it was locked and I did not have premission. I am administrator. and except a guest name, I am the sole user. When the beta program began it did not transfer the ignore list file. I did try to delete the folder but ID again stated no permission. Did not find the ignore list place until. today.
As for the security report; It disclosed nothing but a wierd icon color and 98%
Finally, I did get a green display which correlates with the dashboard. It proves that secunia even in beta is a program worth working with.

Was this reply relevant?
+12
-0
Maurice Joyce RE: Insecure, End of life Power Point Viewer 2003
Handling Contributor 5th Dec, 2010 10:39
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@MaritimeRider

Looks like U were affected by the Secunia server breakdown at 1145 hours GMT last night!!

I have adjusted your score on 3 threads to make up the 28 deducted to close the repeats so U have not lost out.


Surprised U could not complete Viewer action. Provided U, and anyone else for the matter, are happy with using the ignore rule so be it. That is what it is there for - to the best of my knowledge it is not vulnerable. It is End of Life because that version is unable to read some files created by PowerPoint 2007/2010.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
MaritimeRider RE: Insecure, End of life Power Point Viewer 2003
Member 5th Dec, 2010 20:39
Score: 22
Posts: 174
User Since: 15th Mar 2009
System Score: 100%
Location: CA
Last edited on 5th Dec, 2010 20:43
Thank you Maurice. I was stunned when I opened the post.What can I say? I never felt a thing :) Does anyone know if I can delete the extra posts, and how to?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Insecure, End of life Power Point Viewer 2003
Handling Contributor 5th Dec, 2010 22:10
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
U cannot - I closed them for U & adjusted the score - sadly someone else has dabbled who has no idea what he/she is doing.

Perhaps best left - U have gained some well earned points!!

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
Semiah RE: Insecure, End of life Power Point Viewer 2003
Member 6th Dec, 2010 04:53
Score: 0
Posts: 14
User Since: 4th Aug 2009
System Score: N/A
Location: N/A
Maurice,

I am running Windows XP (SP3) I will try the fix that TiMow suggested and if I can't get that to work I will employ the " ignore" option. If I read you correctly, this can be left as is and is not a critical exposure.

Thanks again for the help.

Semiah

Was this reply relevant?
+0
-0

123xcmy

RE: Insecure, End of life Power Point Viewer 2003
[+]
This reply has been minimised due to a negative Relevancy Score.

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+