Relating to this vendor:
And, this specific program:
WebEx Recording Format Player
|mecs24ws||Current WebEx Player Vendor Download Link Reports as Vulnerable|
|15th Dec, 2010 14:00|
User Since: 15th Nov, 2010
System Score: N/A
I installed the WebEx Player from a partner's WebEx presentation on 13 Dec 2010, and PSI immediately reported it as vulnerable.
I downloaded and installed the full installer for the ARF player at the PSI vendor download link (http://www.webex.com/downloadplayer.html) at that time, and after install,
-PSI still reports the app as vulnerable
-The File Properties | Details for each of the three instances of atas32.dll on the system still report the vulnerable version of 18.104.22.168
C:\Program Files (x86)\WebEx\Record Playback\atas32.dll
-The current download of the arf player from the PSI vendor download link is unchanged from the download of 13 Dec (MD5:9627144a853191110871b95235059a3b; SHA-1:2c922f81e8d9e5d2620006b9e31545b68085baf0)
Is the vendor download indeed unpatched, or is this a version identification problem for PSI?
OS: Windows 7, patched current
|mogs||RE: Current WebEx Player Vendor Download Link Reports as Vulnerable|
|15th Dec, 2010 14:38|
User Since: 22nd Apr 2009
System Score: 100%
What version of psi are you using ?
Are you sure there is no entry/instance of Web Ex in the Patched tab ?
Whenever you update a program it is often the case that the older version/file isn't automatically removed, and it is this/those that Secunia continues to detect; even if residing in the Recycle bin...
Here's an extract from the Advisory at :-http://secunia.com/advisories/product/3004/
This vulnerability report for WebEx Player contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.
If you have information about a new or an existing vulnerability in WebEx Player then you are more than welcome to contact us.
Vendor, Links, and Unpatched Vulnerabilities
Product Link View Here (Link to external site)
Affected By 2 Secunia advisories
Monitor Product Receive alerts for this product
Unpatched 0% (0 of 2 Secunia advisories)
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..
It doesn't appear to be a detection/identification on Secunia's part.
Hope this helps....regards,
|Anthony Wells||RE: Current WebEx Player Vendor Download Link Reports as Vulnerable|
|15th Dec, 2010 21:23|
User Since: 19th Dec 2007
System Score: N/A
Hi @mecs24ws ,
This programme has some history concerning detection by the PSi ; if you click the blue WebEx Player link on the right above your first post you will see this list of threads :-
and this one in particular digs deep :-
You may find what you need therein ; let us know how you go .
It always seems impossible until its done.
|This user no longer exists||RE: Current WebEx Player Vendor Download Link Reports as Vulnerable|
|17th Dec, 2010 08:51|
If you run a full rescan, is this issue still reproduceable?
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.