Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI reports erroneous version details on latest Safari

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
Midnight_Voice PSI reports erroneous version details on latest Safari
Member 1st Apr, 2011 23:59
Ranking: 50
Posts: 89
User Since: 1st Oct, 2010
System Score: 96%
Location: UK
Last edited on 2nd Apr, 2011 00:08

Yesterday, I installed the new Safari, 5.0.4, reported by the browser itself as 5.0.4 (7533.20.27), on my full patched Windows XP SP3 laptop (details below).

However, PSI is reporting it as 5.33.18.5, not recognizing it as 5.0.4, and so reporting it as insecure, and offering an upload.

The safari.exe and safari.dll in C:\Program Files\Safari are both reported by Windows Explorer (right-click file, Properties, Version) as 5.33.20.27, which agrees, I think, with 7533.20.27.

I can't see where PSI is getting 5.33.18.5 from, though it reports this as the version of C:\Program Files\Safari\safari.exe, which doesn't agree with the 5.33.20.27 above.

I don't think this is a Zombie issue, as the Safari.exe being reported is the installed one, and I've searched and there are no other copies of safari.exe on this machine anyway.

I did try humoring PSI and doing the update anyway, but of course as it was 5.04 over 5.0.4, it just asked if I wanted a repair, or whatever. I even let it do a Repair; nothing changed, which is hardly surprising.

Finally, nor do I know whether, if PSI could see the 5.33.20.27, it would know this was actually 5.0.4 and all was OK, or would still think it an error.

PSI, can you please look at this, as it's driving my score down to 99%, where it should be (as ever on this machine) 100%

--
A computer program can do pretty much anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running XP Pro in Windows XP Mode 32-bit)
Windows 8.1 Home Premium 64-bit - Lenovo IdeaPad Z500 Core i5 2.6Ghz

Post "RE: PSI reports erroneous version details on latest Safari" has been selected as an answer.
Anthony Wells RE: PSI reports erroneous version details on latest Safari
Expert Contributor 2nd Apr, 2011 10:44
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 2nd Apr, 2011 10:48
Hello M_V ,

Support are busy elsewhere atm and don't do weekends anyway on the PSI .

The PSI will display the version number it finds in the meta data ; so it is likely to display 5.0.4 as 5.33.20.27 and the previous version you have updated would logically correspond to 5.33.18.5 . ; there is a similar anomaly in The Open Office display when there are build numbers added to older platforms , but the generally used number appears to have gone up .

Which version of the PSI are you using ?? I'm guessing 2.0.x as you mention "zombies" ; the latest version is 2.0.0.3001 ; go tray icon right click and select "About" .

The "insecure" version of Safari should show at the top of the "Scan Results page" ; do you have the updated version showing alphabetically lower down the display ??

What is the detected instance pathway of the insecure version (click the [+] on the lhs of the/any programme) ??

EDIT : have you rebooted and run a full system scan since updating ??

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
Midnight_Voice RE: PSI reports erroneous version details on latest Safari
Member 2nd Apr, 2011 16:34
Score: 50
Posts: 89
User Since: 1st Oct 2010
System Score: 96%
Location: UK
on 2nd Apr, 2011 10:44, Anthony Wells wrote:
Hello M_V ,

Support are busy elsewhere atm and don't do weekends anyway on the PSI .

The PSI will display the version number it finds in the meta data ; so it is likely to display 5.0.4 as 5.33.20.27 and the previous version you have updated would logically correspond to 5.33.18.5 . ; there is a similar anomaly in The Open Office display when there are build numbers added to older platforms , but the generally used number appears to have gone up .

Which version of the PSI are you using ?? I'm guessing 2.0.x as you mention "zombies" ; the latest version is 2.0.0.3001 ; go tray icon right click and select "About" .

M_V: Yes, 2.0.0.3001

The "insecure" version of Safari should show at the top of the "Scan Results page" ; do you have the updated version showing alphabetically lower down the display ??

What is the detected instance pathway of the insecure version (click the [+] on the lhs of the/any program) ??

M_V: Only on the scan once, and the pathway is as I quoted in my first posting above, the main path for this program.

EDIT : have you rebooted and run a full system scan since updating ??

Anthony


M_V: Well, I thought I had; but I did one before replying here, after checking the above, and all is well now. Safari.exe is shown as version 5.33.20.27, the PSI is happy, and I have 100% once more.

Certainly, though, I did a rescan on the issue previously, and that wasn't enough to clear it, though the full scan has done.

Thanks

Midnight_Voice




--
A computer program can do pretty much anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running XP Pro in Windows XP Mode 32-bit)
Windows 8.1 Home Premium 64-bit - Lenovo IdeaPad Z500 Core i5 2.6Ghz
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer