On Jun 4, 2007, at 7:49 PM, John Scherff wrote:
I don't know if this FAQ item applies or not; the Company attribute is
"Microsoft Corporation." I doubt it's a custom CAPICOM (e.g., from
Citrix) because even my desktop computer has CAPICOM 2.0.0.3, and the
patch has been applied to it as well.
But the MS bulletin definitely says, "If you have version 2.1.01 or
lower, you should update your system," so Nessus is correct in marking
it as a vulnerability. Something must be broken in the Microsoft
patch.
I don't know how MBSA works, but if it uses the same technique as
described in the advisory, it may be the problem. The advisory
recommends checking that the following key exists to know whether the
patch is installed:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificates.4\CLSID
However, the ActiveX control is directly linked with this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificates\CLSID
When you install the patch, the "Certificates.4" key is created and
the "Certificates" key is replaced. However, if you install another
application that uses CAPICOM, the "Certificates" key may be replaced
with an older version of the ActiveX control. Then, even if you installed the
patch, the older ActiveX version can be used.
Nicolas
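The mismatch Nicolas describes can be checked directly rather than by key existence alone. The following PowerShell script is an added example, not code from this thread, from Nessus, or from Microsoft: it resolves both ProgIDs (CAPICOM.Certificates and CAPICOM.Certificates.4) through their CLSID to the InprocServer32 DLL that actually gets loaded, reads each DLL's file version, and warns when the unversioned ProgID points at a different or older control than the patched one. It assumes the registry layout given in the message (ProgID\CLSID default value holding the GUID, and CLSID\{guid}\InprocServer32 holding the DLL path); it does not assume any particular fixed version number.

```powershell
# Added example, not code from the thread or from Nessus/Microsoft.
# Resolves both CAPICOM ProgIDs named in the message to the DLL they actually
# load and compares file versions, so a patched machine whose unversioned
# ProgID was re-pointed at an older control is reported.

function Resolve-CapicomProgId {
    param([Parameter(Mandatory)][string]$ProgId)

    $result = [pscustomobject]@{ ProgId = $ProgId; Clsid = $null; Dll = $null; Version = $null }

    # ProgID -> CLSID (the key the advisory, per the message, tells you to check)
    $clsidKey = "HKLM:\SOFTWARE\Classes\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) { return $result }
    $result.Clsid = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'

    # CLSID -> InprocServer32 default value, i.e. the DLL the ActiveX control is loaded from
    $serverKey = "HKLM:\SOFTWARE\Classes\CLSID\$($result.Clsid)\InprocServer32"
    if (-not (Test-Path -LiteralPath $serverKey)) { return $result }
    $dll = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -LiteralPath $serverKey).'(default)')
    $result.Dll = $dll

    # File version of that DLL, built from the numeric parts so it compares as a [version]
    if (Test-Path -LiteralPath $dll) {
        $vi = (Get-Item -LiteralPath $dll).VersionInfo
        $result.Version = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    }
    return $result
}

$unversioned = Resolve-CapicomProgId -ProgId 'CAPICOM.Certificates'
$patched     = Resolve-CapicomProgId -ProgId 'CAPICOM.Certificates.4'

$unversioned, $patched | Format-Table ProgId, Clsid, Dll, Version -AutoSize

if ($null -eq $patched.Clsid) {
    Write-Warning 'CAPICOM.Certificates.4 is not registered: the patch does not appear to be installed.'
}
elseif ($null -eq $unversioned.Clsid) {
    Write-Output 'No unversioned CAPICOM.Certificates ProgID: nothing else can be loaded through it.'
}
elseif ($unversioned.Clsid -ne $patched.Clsid -or
        ($unversioned.Version -and $patched.Version -and $unversioned.Version -lt $patched.Version)) {
    Write-Warning ("Patch key present, but CAPICOM.Certificates resolves to {0} (v{1}) instead of the patched control " +
                   "{2} (v{3}); another installer has likely re-registered an older CAPICOM." -f
                   $unversioned.Dll, $unversioned.Version, $patched.Dll, $patched.Version)
}
else {
    Write-Output 'Both ProgIDs resolve to the same patched control.'
}
```

Run it from an elevated PowerShell on the host being scanned. On 64-bit Windows a 32-bit control registers under the WOW64 view of the registry, so run the script from a 32-bit PowerShell (or adjust the CLSID path to include Wow6432Node) to see what a 32-bit browser would load.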
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus