Forum Thread: Windows 7 & CVE-2010-2553

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
All Threads

This thread has been marked as locked.
jim__hill Windows 7 & CVE-2010-2553
Member 24th Aug, 2010 14:47
Ranking: 3
Posts: 3
User Since: 12th Jun, 2010
System Score: N/A
Location: N/A
Secunia PSI v1.5.0.2 on my i7 win7 (home premium 64bit) hp laptop tells me that I have a Microsoft Windows 7 insecurity.

'Download Solution' involves ms update which I don't use.
'Solution Wizard' is greyed out.
'Re-Scan Program' achieves nothing.
'Technical Details' shows no product version.
'Open Folder' is greyed out.
'Ignore Program' is greyed out.
'Add/Remove Programs' tells me nothing.

'Online References' leads me to the Secunia Advisory
<http://secunia.com/advisories/40936/>
which tells me that it's a 'Cinepak Codec Decompression Vulnerability'. That page references 'CVE-2010-2553' which leads me to
<http://secunia.com/advisories/cve_reference/CVE-20...>
which, in turn, references
<http://www.microsoft.com/technet/security/Bulletin...>
entitled "Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)" which seems ok. The link for win7 x64 on that page leads me to
<http://www.microsoft.com/downloads/details.aspx?fa...> which downloads
<http://download.microsoft.com/download/1/A/F/1AF73...>.

When I ran that the first time, it reported no errors. Further attempts to install (in response to PSI telling me that it was insecure) fail with the error "Security Update for Windows (KB982665) is already installed on this computer."

Checking file versions against <http://support.microsoft.com/?kbid=982665>

Name Version Size Date Time Platform
Iccvid.dll 1.10.0.13 82,944 29-Jul-2010 06:30 x86

Filename : iccvid.dll
Folder : c:\Windows\System32
Size : 82,944
Modified Time : 29/07/2010 07:30:34
Created Time : 11/08/2010 03:54:39
Last Accessed Time: 11/08/2010 03:54:39

Filename : iccvid.dll
Folder : c:\Windows\SysWOW64
Size : 82,944
Modified Time : 29/07/2010 07:30:34
Created Time : 11/08/2010 03:54:39
Last Accessed Time: 11/08/2010 03:54:39

Filename : iccvid.dll
Folder : c:\Windows\winsxs\x86_microsoft-windows-vcm-core-c odecs_31bf3856ad364e35_6.1.7600.16385_none_6c79173 539c35f69
Size : 82,944
Modified Time : 14/07/2009 02:15:26
Created Time : 14/07/2009 01:03:30
Last Accessed Time: 14/07/2009 01:03:30

Filename : iccvid.dll
Folder : c:\Windows\winsxs\x86_microsoft-windows-vcm-core-c odecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce 139a20071
Size : 82,944
Modified Time : 29/07/2010 07:30:34
Created Time : 11/08/2010 03:54:39
Last Accessed Time: 11/08/2010 03:54:39

Filename : iccvid.dll
Folder : c:\Windows\winsxs\x86_microsoft-windows-vcm-core-c odecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1 e52cef174
Size : 82,944
Modified Time : 29/07/2010 07:17:26
Created Time : 11/08/2010 03:54:39
Last Accessed Time: 11/08/2010 03:54:39

Name Version Size Date Time Platform
Ir32_32.dll 3.24.15.3 197,632 14-Jul-2009 01:15 x8 6

Filename : ir32_32.dll
Folder : c:\Windows\System32
Size : 197,632
Modified Time : 14/07/2009 02:15:34
Created Time : 13/07/2009 23:25:04
Last Accessed Time: 13/07/2009 23:25:04

Filename : ir32_32.dll
Folder : c:\Windows\SysWOW64
Size : 197,632
Modified Time : 14/07/2009 02:15:34
Created Time : 13/07/2009 23:25:04
Last Accessed Time: 13/07/2009 23:25:04

Filename : ir32_32.dll
Folder : c:\Windows\winsxs\x86_microsoft-windows-vcm-core-c odecs_31bf3856ad364e35_6.1.7600.16385_none_6c79173 539c35f69
Size : 197,632
Modified Time : 14/07/2009 02:15:34
Created Time : 13/07/2009 23:25:04
Last Accessed Time: 13/07/2009 23:25:04

Filename : ir32_32.dll
Folder : c:\Windows\winsxs\x86_microsoft-windows-vcm-core-c odecs_31bf3856ad364e35_6.1.7600.16646_none_6ca55ce 139a20071
Size : 197,632
Modified Time : 14/07/2009 02:15:34
Created Time : 13/07/2009 23:25:04
Last Accessed Time: 13/07/2009 23:25:04

Filename : ir32_32.dll
Folder : c:\Windows\winsxs\x86_microsoft-windows-vcm-core-c odecs_31bf3856ad364e35_6.1.7600.20767_none_6d1a5a1 e52cef174
Size : 197,632
Modified Time : 14/07/2009 02:15:34
Created Time : 13/07/2009 23:25:04
Last Accessed Time: 13/07/2009 23:25:04

That suggests to me that PSI may be picking up files which aren't updated by ms - in particular, look at the third entry for iccvid.dll which is dated '14/07/2009' instead of '11/08/2010'.

What, if anything, should I do now?

This user no longer exists RE: Windows 7 & CVE-2010-2553
Member 24th Aug, 2010 14:53
Hi,

What you need to do is run Microsoft Update and install the patch. Nothing else will resolve this.
Why, exactly, do you have an aversion to running Microsoft Update?
Was this reply relevant?
+0
-0
jim__hill RE: Windows 7 & CVE-2010-2553
Member 24th Aug, 2010 16:15
Score: 3
Posts: 3
User Since: 12th Jun 2010
System Score: N/A
Location: N/A
Thanks for the quick response.

on 24th Aug, 2010 14:53, wrote:
What you need to do is run Microsoft Update and install the patch.


Will do.

on 24th Aug, 2010 14:53, wrote:
Nothing else will resolve this.


I'm sure that'll be of interest to many people. If you don't mind me asking, why does the ms standalone patch not resolve the insecurity? Why does ms provide a standalone patch if it doesn't resolve the insecurity? Why does PSI link to that patch if it doesn't resolve the insecurity?

Or, if the standalone patch does resolve the insecurity, why does PSI claim there's still an insecurity?

on 24th Aug, 2010 14:53, wrote:
Why, exactly, do you have an aversion to running Microsoft Update?


I have no specific aversion. The method I use for updates has always worked for me in the past so Microsoft Update became just another non-essential service and I disable all unwanted/non-essential services immediately after first boot, before installing a firewall and connecting to the Internet.
Was this reply relevant?
+0
-0
This user no longer exists RE: Windows 7 & CVE-2010-2553
Member 25th Aug, 2010 09:46
Last edited on 25th Aug, 2010 09:46 Hi,

I think I may have chosen my words incorrectly. There are ways apart from Microsoft Update that allow you to remedy the situation (particularly, the MS Standalone patches you mentioned). What I meant was that installing the patch was your only hope for fixing the insecurity (which it is).

Since the Secunia PSI relies on Microsoft Update to report and supply patches for Windows Operating Systems, it seemed natural to encourage you to use that - especially since most users are either not aware of the KB's and standalone patches, or would not be comfortable using them.

If you have installed the standalone patch, rebooted, and run a full rescan, you should be shown as secure, as long as all KB' requirements have been fullfilled.

hope this helps.
Was this reply relevant?
+0
-0

This thread has been marked as locked.