On Jun 4, 2007, at 5:10 PM, John Scherff wrote:
Plugin 25167 appears to be producing false-positives. This plugin
is in the "Windows : Microsoft Bulletins" family and tests for
MS07-028 (flaw in CAPICOM).
The scan was run against a freshly-installed, fully-patched Windows
2003 R2 server with Citrix Presentation Server 4.5 installed.
Could you check the default value in the following registry key ?
value = SOFTWARE\Classes\CAPICOM.Certificates\CLSID
Then get the path in :
"SOFTWARE\Classes\CLSID\"+value+"\InprocServer32"
and finally check the version of the file pointed by the previous
registry key. If this version is smaller than 2.1.0.2 then your
server is vulnerable (it is possible to access this activex).
Nicolas
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
