Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: MS Visual C++ 2005 Redistr. Package vulnerable?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
All Threads

This thread has been marked as resolved.
Websafe MS Visual C++ 2005 Redistr. Package vulnerable?
Member 17th Dec, 2010 20:34
Ranking: 79
Posts: 105
User Since: 24th May, 2009
System Score: 100%
Location: NL
Hello all,

Just did a full PSI scan (PSI 1.9.0.6001) and under “scan results” Microsoft Visual C++ 2005 Redistributable Package (x86) shows as insecure.
Under “install solution” PSI shows: “Microsoft Update”. However Microsoft Update only gave me an update for Silverlight.
Double clicking brings me to the quick facts which tells me version 8.0.50727.762 is installed and version 8.0.50727.4053 should be installed.
The installation path: C:\Program Files\Common Files\Microsoft Shared\VC brings me to msdia80.dll which is (indeed) version 8.0.50727.762
As online reference PSI links to: http://secunia.com/advisories/35967/ Secunia Advisory SA35967; Release Date 2009-07-28 Last Update 2010-01-12.
In this advisory is also a link to a Microsoft Bulletin Published: July 28, 2009 | Updated: January 12, 2010 link: http://www.microsoft.com/technet/security/Bulletin...

The date of this vulnerability gives me the impression the PSI should have alerted me much earlier (which it didn't) if this is a real vulnerability. In other words I think this is a false-positive.

Anyone else having this issue or someone an idea what this “vulnerability” means?

Have a nice weekend,
Websafe.

Post "RE: MS Visual C++ 2005 Redistr. Package vulnerable?" has been selected as an answer.
ddmarshall RE: MS Visual C++ 2005 Redistr. Package vulnerable?
Dedicated Contributor 17th Dec, 2010 22:08
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
There was a lot of traffic earlier in the year with a similar problem in the 2008 version. I can't remember 2005 coming up then so I don't know why you've suddenly been notified.

The solution is to install the full version from the Download Center
http://www.microsoft.com/downloads/en/details.aspx...

You won't get that through Windows Update. Microsoft provided an update back in 2009 which didn't replace the whole thing, but as far as I know fixes the vulnerability. You need to do the whole thing to stop PSI bugging you.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-1
Websafe RE: MS Visual C++ 2005 Redistr. Package vulnerable?
Member 18th Dec, 2010 00:02
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Hello ddmarshall

Thanks for your reply. The download you linked to (Microsoft Visual C++ 2005 Service Pack 1 Redistributable) is already on my hard-disk. De-installed from add/remove program and did a new install of this Service Pack 1.
With success! PSI now shows the MS Visual C++ 2005 Redistr. Package as secure.
Also checked the path: C:\Program Files\Common Files\Microsoft Shared\VC where msdia80.dll now shows up as version 8.0.50727.4053
In fact the PSI was right. Don't understand why I had an outdated version on my machine.

Anyway, many thanks for helping me,
Websafe.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability