eEye Digital Security

 After doing the above...  error,

"The installation package could not be opened.  Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package." 

My problem is the Comct232.ocx file needs to be updated from 6.0.80.22.  

I created a vb-file in the C:drive and tried to extract it using the C: prompt command to that folder and it wont work. 

Make sure you include the file name .msi in the source of the command. I got the same problem you did but once I added that it found the .msi file and extracted it.

 Sorry for the late response, but thanks for the help.

 I have the same issue....have seen it on three separate scans this week. Am wondering if manually extracting the files from the Microsoft update and then replacing the old .ocx files would break anything.

That is certainly an option to remediate the vulnerability. The problem is that the MS patch, only patches MS products, not 3rd party products that use the VB6 code. Its up to the 3rd party vendor to patch their software and your machine otherwise. You can extract and replace on your machine, and cross your fingers that it doesnt break whatever 3rd party app you're using, or contact the 3rd party application developer.

Hope that helps.

bpatten:

The problem is that the MS patch, only patches MS products, not 3rd party products that use the VB6 code.

Brian,

     I have an off the wall idea.  Would it be possible for the Retina team (as a future update change to Retina) to make Retina provide you a path to where it is finding the vulnerability?  Maybe something similar to the "Applications Arguments" line that was recently added into Blink's Kevlar module alerts (see example below):

Event ID: BLINK-APP-100
Severity: High
Description: Blink detected a suspicious system call.
Alert: Yes
Application: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Reason: KERNEL32.DLL!GetModuleHandleA
Action: Terminate Process
Application Arguments: "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1

---------------------------------------------------------------------------------------------------------------------------

In the case of Retina it would be helpful to see something like this:

Example:  

Target Location - C:\Windows\System32\accsp.dll  (version)

- If the vulnerability existed in the accsp.dll file of Windows and Retina is looking at its version number.

I don't know really, but something pointing you to the issue itself would be helpful.

I'll see if thats something we can add.

bpatten:

I'll see if thats something we can add

Awesome, I see the ticket you created for me:

Communication History
On 8/13/2009 9:15:36 AM eEye Digital Security wrote:

Customer would like to request the addition of the audit ID and confirmation details, so that end users can see what file/regkey we're reviewing determine that its vulnerable.

On 8/13/2009 9:16:23 AM eEye Digital Security wrote:

Hi Jeff,
Forwarding to product management for future consideration to the VA report.
Thanks,
Brian

Thank you.

Make sure you include the file name .msi in the source of the command. I got the same problem you did but once I added that it found the .msi file and extracted it.