Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft Visual C++ 2005 Redistributable Package (x86)

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
confused2 Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 01:16
Ranking: 0
Posts: 4
User Since: 3rd Jan, 2011
System Score: N/A
Location: US
Hi -- Secunia PSI has flagged the above as insecure. But when I go to Windows Update, no updates are suggested that relate to this (and I am up-to-date on all critical patches).

I have Windows XP Pro SP3 (which I believe is 32-bit, so I am confused as to why I need this, in the first place, but this all is a bit over my head). In Add/Remove Programs, I have these listed:

Microsoft Visual C++ 2005 ATL Update (kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable- x86 9.0.30729.4148

Can my problem be solved by simply uninstalling on or both of the 2005 programs (via Add/Remove)? Or does the 2008 program depend on the 2005 programs?

Thank you very much!



Lazissa1 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 01:26
Score: 3
Posts: 37
User Since: 22nd Dec 2010
System Score: N/A
Location: N/A
FYI . . . I uninstalled all Visual C++ 2005 and 2008. I'm using Visual C++2010 and PSI has no problem with it.
Was this reply relevant?
+0
-0
confused2 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 01:36
Score: 0
Posts: 4
User Since: 3rd Jan 2011
System Score: N/A
Location: US
Thanks, but I'm not just worried about Secunia PSI having a problem with it -- I am more worried about having the correct version for my computer (XP Pro SP3, 32-bit).
Was this reply relevant?
+0
-0
Lazissa1 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 01:42
Score: 3
Posts: 37
User Since: 22nd Dec 2010
System Score: N/A
Location: N/A
I believe that PSI has them flagged because the 2005 and 2008 versions are old (out of date). Visual C++ 2010 is more up to date in many ways including security. If I'm wron, I hope someone corrects this.

My opinion is that you should uninstall the old ones and install the 2010 version. But, everyone needs to decide what's best based on their needs.
Was this reply relevant?
+0
-1
confused2 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 01:57
Score: 0
Posts: 4
User Since: 3rd Jan 2011
System Score: N/A
Location: US
Do you happen to have a link to the MS download for 2010 version?

Thanks!
Was this reply relevant?
+0
-0
Lazissa1 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 02:10
Score: 3
Posts: 37
User Since: 22nd Dec 2010
System Score: N/A
Location: N/A
As far as determining what OS you're running, I haven't run XP in a while but this should work:

1) right click on "My Computer"
2) select Properties
3) it should indicate in the window what you are running if I remember right.

The link to Visual Studio Express is:

http://www.microsoft.com/express/Windows/

Was this reply relevant?
+0
-0
Lazissa1 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 02:24
Score: 3
Posts: 37
User Since: 22nd Dec 2010
System Score: N/A
Location: N/A
Here's how you determine if you're running 32-bit or 64-bit XP:

Computers running Windows XP
•Click Start, right-click My Computer, and then click Properties.

•If "x64 Edition" is listed under System, you’re running the 64-bit version of Windows XP.

•If you don’t see "x64 Edition" listed under System, you’re running the 32-bit version of Windows XP.

The edition of Windows XP you're running is displayed under System near the top of the window
Was this reply relevant?
+0
-0
smurphdude RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Contributor 3rd Jan, 2011 07:35
Score: 107
Posts: 40
User Since: 13th Aug 2010
System Score: 100%
Location: UK
Last edited on 3rd Jan, 2011 07:38
on 3rd Jan, 2011 01:57, confused2 wrote:
Do you happen to have a link to the MS download for 2010 version?

Thanks!


Here is the security patch that will fix the 32bit 2005 version.

http://download.microsoft.com/download/6/B/B/6BB66...

No need to install the 2010 version, and don't uninstall 2005 and 2008 - there will some programs on your PC that use them.
Was this reply relevant?
+10
-0
Lazissa1 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 3rd Jan, 2011 07:46
Score: 3
Posts: 37
User Since: 22nd Dec 2010
System Score: N/A
Location: N/A
I didn't have any problems with programs wanting 2005 or 2008 later (after upgrading to 2010). As I said before, everyone needs to decide what's best based on their needs.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Handling Contributor 3rd Jan, 2011 11:09
Score: 11569
Posts: 8,889
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I support @ smurphdude 100%.

Microsoft manage Visual C++,.NET Framework & Direct X.

As far as I know C++ 2010 has not been released for general use but as a developer tool to work mainly with .Net Framework 4.

.NET Framework 4 is an OPTIONAL download for Windows users. It is highly unlikely either will be required by home users for some time.

Unless U have a basic knowledge of the interaction between these programmes it will be foolhardy to remove any of them. The end result could be the crippling of programmes directly supported by them.

There are successful solutions on this Forum on fixing 64 Bit & 32 Bit systems to clear this minor issue.

It is better to literally ignore the problem than remove the older versions under the notion that the latest supersedes the old. That is NOT correct - MS fully supports 2005 & 2008.






--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+4
-0
confused2 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 5th Jan, 2011 02:03
Score: 0
Posts: 4
User Since: 3rd Jan 2011
System Score: N/A
Location: US
Thank you all for your help. I will try to patch as recommended by @ smurphdude.
Was this reply relevant?
+0
-0
aaaaaaaaaaaaaaaaa RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 13th Jan, 2011 00:02
Score: -5
Posts: 41
User Since: 15th Dec 2008
System Score: 100%
Location: N/A
on 3rd Jan, 2011 01:42, Lazissa1 wrote:
I believe that PSI has them flagged because the 2005 and 2008 versions are old (out of date). Visual C++ 2010 is more up to date in many ways including security. If I'm wron, I hope someone corrects this.

My opinion is that you should uninstall the old ones and install the 2010 version. But, everyone needs to decide what's best based on their needs.


I afraid you are wrong.
Particular versions of VC++ redistributable are not backwards compatible!!!!

Some apps will need 2005, other 2008, remaining the 2010 version.
So, removal of old version is NO solution.

Here the XP SP3 32bits based machine.
With 2005 and 2008 installed. The same problems.
However, other our machine, Vista based, with same VC++ redistributable versions installed doesn't show these problems.

For year we have been scanning these two machines together with all lot of others month by month after release of Microsoft patches. This PSI finding for VC++ 2005 redistributable didn't occur until this month.

We have tried to remove 2005 and all its updates.
After that to install them again. Already the installation of 2005 leaves
in C:\Program Files\Common Files\Microsoft Shared\VC folder
the msdia80.dll with 762 version stamp.
First invocation of Windows Update after installation of VC++ 2005 redistributable results in one finding: KB973923.
I get allowed to install this patch. It doesn't help for PSI alert.

No more findings by Microsoft Update after that. Neither immediately nor
after system reset. MBSA doesn't find any missing patch as well.

I how no idea how our further proceeding has to be.
PSI still alerting the VC++ 2005 redistributable of vulnerable version was installed.

Has anyone any hints please?
Was this reply relevant?
+0
-0
Lazissa1 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 13th Jan, 2011 00:12
Score: 3
Posts: 37
User Since: 22nd Dec 2010
System Score: N/A
Location: N/A
All computer problems are fixable. It's a question of bits and bytes.

As I have said before, all users need to decide what's best for them.

I don't want to offend anyone so I'll leave it with "It's all bits and bytes - it can be fixed".
Was this reply relevant?
+0
-0
Lazissa1 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 13th Jan, 2011 02:15
Score: 3
Posts: 37
User Since: 22nd Dec 2010
System Score: N/A
Location: N/A
I want to apologize to chrizio and Secunia for being short earlier. My concern wasn't expressed appropriately. Here's my concern: We are not all the same - in our needs and our knowledge.

Some people are just learning to program. They don't have a dependency of one version of Visual Studio over another. It will let them move to the new version with no problems.

Some people are interacting with the operating system and other things. Their applications may still work after moving to a new version.

Some people who are interacting with the operating system and other things and their applications will fail after upgrading(?). They may be able to fix it.

Some people can write divice drivers, applications at a system level, and even operating systems. They can probably fix what comes their way (if they choose).

You don't know if you can move on to something else until you try. Be ready to move back. There's no reason to waste resources on something that you don't need, but some need it.

Every user needs to decide for themselves! (Sometimes you have to play with it - you learn better when it's play to you). (Excuse the grammer)
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Dedicated Contributor 13th Jan, 2011 13:47
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
@chrizio

Try downloading this version of the package:

http://www.microsoft.com/downloads/en/details.aspx...

Downloading earlier versions and then using Windows Updates does not replace the file needed to satisfy Secunia. However your system is secure if you have all the Windows updates.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
aaaaaaaaaaaaaaaaa RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 13th Jan, 2011 21:02
Score: -5
Posts: 41
User Since: 15th Dec 2008
System Score: 100%
Location: N/A

The installer file of full redistributable I have had on my jukeboke was the
reason indeed.
As last attempt i tried the link to full installer sent in this thread.
It is really leaving the msdia80.dll with proper version stamp.
So, finally the Microsoft Update doesn't have any job to do.

Curiously the version number of my old installer is higher than version number
of new full installer, the former one is 6.0.3790.0, the later one is 6.0.2900.2180.
Strange is the world. The world by Microsoft.

According to MS Update the new full installer doesn't need any patch in the moment. I wonder, why does it not work on our Vista machines this way.

Thanks for all your help.
Was this reply relevant?
+0
-0
rvr2352 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 13th Jan, 2011 21:26
Score: 0
Posts: 4
User Since: 12th Jan 2008
System Score: N/A
Location: N/A
Last edited on 13th Jan, 2011 21:27
OK, so I'm stupid. Why, after uninstalling C++ 2005 in all it's variations, restarting and re-scanning with PSI does the scan result in (yet again) 2005 C++ as end of life. It has NO life on my 64X W7 machine????
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Dedicated Contributor 13th Jan, 2011 23:46
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
What is the installation path that Secunia has detected? It must be a location that is not the standard place where Microsoft put this file.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
rvr2352 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 14th Jan, 2011 00:27
Score: 0
Posts: 4
User Since: 12th Jan 2008
System Score: N/A
Location: N/A
Path is : C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll, version 8.0.50727.762

Steve
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Dedicated Contributor 14th Jan, 2011 09:53
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Is PSI reporting this as 32bit version as in the title of this thread or the 64bit version appropriate for your system?

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
rvr2352 RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 14th Jan, 2011 23:04
Score: 0
Posts: 4
User Since: 12th Jan 2008
System Score: N/A
Location: N/A
It's reporting as 64 X but I don't see a specific 32 bit at the top of the thread??
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Dedicated Contributor 15th Jan, 2011 02:10
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
X86 in the thread title refers to 32bit Intel architecture. It appears that the uninstall has not removed all files. You can either tell the PSI to ignore it or rename the file. This file does not contain any vulnerabilities. It is only used to identify the version installed.

If you need to install this again, download vcredist_x64 from http://www.microsoft.com/downloads/en/details.aspx... . That is the latest version. It may be worth downloading it anyway to prevent future problems if you install a program that requires it.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Lwiener RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Member 15th Jan, 2011 09:08
Score: 3
Posts: 18
User Since: 10th Dec 2008
System Score: N/A
Location: N/A
Last edited on 15th Jan, 2011 09:10
I followed the clear and concise suggestion of smurphdude above; the link he provided worked flawlessly to update my Visual C to Secunia's demands after previous fruitless tries to update through Microsoft Update site and resolve conflicting info on my add/remove window concerning updates already done and what was active in "common files" directory. Not all of us here are programer-level users and fluent in arcane techno analysis and discussion. Thanks to smurphdude's plain and effective solution I, in my case at least, have been able to return to 100 percent up-to-date per PSI.
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft Visual C++ 2005 Redistributable Package (x86)
Dedicated Contributor 15th Jan, 2011 13:37
Score: 1198
Posts: 954
User Since: 8th Nov 2008
System Score: 98%
Location: UK
As smurphdude says, his link is for 32bit systems. rv2352 needs the 64bit version.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability