Forum Thread: PSI does not detect NPP as insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
cvalde PSI does not detect NPP as insecure
Member 7th Oct, 2009 08:28
Ranking: 11
Posts: 22
User Since: 30th Jul, 2009
System Score: N/A
Location: CL
Hello, PSI shows in the list of patched programs:
Notepad++ 5.x version 5.4.5.0
The version and the installation path shown are correct. I thought that programs included in PSI are monitored for problems. Look at this:

http://www.securityfocus.com/bid/36426

In September 16, it was published that this version is insecure. Although SecurityFocus has not made any update on the state of the problem, the author released v5.5 (that I don't know if it fixes the buffer overflow) but the important part here is that PSI flags v5.4.5 as safe when it isn't.

Thanks.

Slamgeden RE: PSI does not detect NPP as insecure
Member 7th Oct, 2009 08:34
Score: 0
Posts: 181
User Since: 17th Jul 2009
System Score: N/A
Location: N/A
According to Security Focus (That are everything but reliable) there is no known patch. That would be why the PSI doesn't show it. It doesn't tell you about things you can't fix anyway.

--
Assorted Fnords.
Was this reply relevant?
+0
-0
cvalde RE: PSI does not detect NPP as insecure
Member 7th Oct, 2009 08:49
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
on 7th Oct, 2009 08:34, Slamgeden wrote:
According to Security Focus (That are everything but reliable) there is no known patch. That would be why the PSI doesn't show it. It doesn't tell you about things you can't fix anyway.


But at least in the "Secure Browsing" tab, it says "Insecure, no solution" for both IE8 and FF3.5.x.

I think the idea should be extended to programs unrelated to browsing, too.

C.
Was this reply relevant?
+0
-0
Slamgeden RE: PSI does not detect NPP as insecure
Member 7th Oct, 2009 09:04
Score: 0
Posts: 181
User Since: 17th Jul 2009
System Score: N/A
Location: N/A
Yea, if you're a pro, that's useful. However, the PSI is for personal use. Why would a home user need to know about holes he/she/it can't even fix? It just doesn't make sense for 99.9% of the users. If you need preemptive warning, maybe you should invest in the CSI.

--
Assorted Fnords.
Was this reply relevant?
+0
-0

This thread has been marked as locked.