Secunia
Relating to this specific program: K-Lite Mega Codec Pack 1.x
stephensussman | K-Lite Codec Pack completely mis-detected
21st May, 2011 00:15
Ranking: 1 | Posts: 8 | User Since: 9th Dec, 2010 | System Score: N/A | Location: N/A

It's really admirable of Secunia to include K-Lite Codec Pack in the database, because codecs can certainly be an attack vector, but you are delivering the wrong information.

KLCP has two different "version numbers" and it is currently 7.1.8 (32-bit) and 4.6.0 (64-bit), although these days the 32-bit updaters also install the 64-bit codecs and people generally refer to the 32-bit version number these days.

PSI reports any and all versions of KLCP as "Mega Codec Pack 1.x". Firstly, it isn't Mega. I am running standard. Again admirable if you want to detect at that level of specificity, but it does no good if it's wrong. And of course the version number problem is apparent... this is certainly not version 1.x.

I understand it may be hard to detect correctly... but reporting any version as "1.0" is kind of pointless and does not improve security at all, so it should either be fixed or deleted.

I can suggest instead of detecting KLCP itself (which is really just a collection) you could detect its main constituent parts - ffmpeg/ffdshow, TSmuxer, etc.

Problem report is below:

---START---
Program Name: K-Lite Mega Codec Pack 1.x
Security State: Patched
Download Link:
Instances Found: C:\Program Files (x86)\K-Lite Codec Pack\psvince.dll, version: 1.0.0.0
Last System Scan (localtime): 18. May 2011, 23:18
Operating System: Microsoft Windows 7 (64-bit)

Anthony Wells | RE: K-Lite Codec Pack completely mis-detected
21st May, 2011 23:35
Score: 2324 | Posts: 3,203 | User Since: 19th Dec 2007 | System Score: N/A | Location: N/A

Hi,

There is the need for the PSI to detect the file metadata which relates to a version of any programme detected. A different file to the one which actually detects the programme may be needed to supply the version #.

C:\Program Files (x86)\K-Lite Codec Pack\psvince.dll, version: 1.0.0.0 is the file detecting the software; but for the version you will need to look elsewhere in the C:\Program Files (x86)\K-Lite Codec Pack\ ... folder and you will need to find a detectable file, e.g. an .exe, .dll or similar, which contains the version data. Then you can submit that to Secunia using the "Are you missing a program" link at the top right of the scan results page.

I am short of time, but a quick look in my Full version 7.1.8 0 folder (installer 717_20110506) does not produce anything useful; plus you will see here that the various items you suggest have their own numbers: http://www.codecguide.com/features_standard.htm

A further complication lies in the various installation options available for custom loading the pack and which the PSI would be unlikely to determine as to their individual selection.

On the bright side, the MPC Home-Cinema is displayed separately (currently as version 1.5.2.3086) and as it could be a serious risk it is good to know if you are up to date with the latest security patches (not to be confused with bug and eye candy fixes).

So you may not find a file for the pack but you could suggest parts of the install that interest you and have a "measurable" version file.

Hope that helps, support will be back tomorrow (Monday CET) and may have something to add/change to the above.

Take care
Anthony

--
It always seems impossible until it's done. Nelson Mandela
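
The folder check described in the reply above, as an added PowerShell example (not part of the original thread, and not Secunia's or the PSI's own detection logic): it reads the version resource of each executable module under the install folder quoted in the thread, so you can see which files carry version data that identifies a release. The extension list and the `HasVersionData` column are assumptions of this example.

```powershell
# Added example: list version metadata for every executable module in a folder.
# $Root defaults to the path quoted in the thread; pass another path if needed.
param(
    [string]$Root = 'C:\Program Files (x86)\K-Lite Codec Pack'
)

# .ax is the extension used by DirectShow filters; the list is an assumption.
$modules = Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.ax', '.ocx' }

$report = foreach ($file in $modules) {
    $vi = $file.VersionInfo   # System.Diagnostics.FileVersionInfo

    # Build the version from the fixed numeric fields. The FileVersion string
    # is free text and can be empty or differ from the numeric fields.
    $numeric = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                    $vi.FileBuildPart, $vi.FilePrivatePart

    [pscustomobject]@{
        File           = $file.FullName
        ProductName    = $vi.ProductName
        ProductVersion = $vi.ProductVersion
        FileVersion    = $numeric
        # A file without a version resource reports 0.0.0.0 and no string.
        HasVersionData = -not ($numeric -eq '0.0.0.0' -and
                               [string]::IsNullOrWhiteSpace($vi.FileVersion))
    }
}

# Per-file view: candidates that could be submitted as a "detectable file".
$report | Where-Object HasVersionData |
    Sort-Object ProductName, File |
    Format-Table File, ProductName, ProductVersion, FileVersion -AutoSize

# Summary: the distinct product/version pairs the folder actually exposes.
$report | Where-Object HasVersionData |
    Group-Object ProductName, ProductVersion |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

A file such as the `psvince.dll` from the problem report would appear here with its own 1.0.0.0 file version, which says nothing about the pack's release; the summary table shows whether any other module in the folder carries a product version that tracks the installed release.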