eEye Digital Security

Friday, 2/20/09; 12:47pm PT

 

Hi, all - just updated to latest version of RealPlayer and, after a full overnight scan, (beautiful, marvelous, wonderful Blink) still shows the high risk audit:DynaZip DUNZIP32.dll Buffer Overflow in Multiple Products - RealPlayert  CVE CVE-2004-1094, (requiring an):Upgrade to the latest version of DynaZip / McAfee / RealPlayer.  Any Idea?  Thanks!

 

 

 
 

Sounds like the old version did not completely un-install or something leaving an old registry key somewhere.  My only recommendation would be to:

1.  Un-install RealPlayer and then restart your computer

2.  Make sure RealPlayer does not exist in or under any of the following file locations:

- C:\Program Files

- C:\Documents and Settings\"Profile Name"\Application Data     ("Profile Name" being the name of any of the profiles on your computer you may have)

- C:\Documents and Settings\"Profile Name"\Local Settings\Application Data    ("Profile Name" being the name of any of the profiles on your computer you may have)

3.  Run a system cleaning program something like "CCleaner"  (described in this older post:  http://forums.eeye.com/forums/t/752.aspx)

4.  Search your registry for anything pertaining to RealPlayer and delete it

5.  Restart your system again

6.  Try installing the latest update of the RealPlayer software and then scan again with Blink

 

Winifred:

Friday, 2/20/09; 12:47pm PT

 

Hi, all - just updated to latest version of RealPlayer and, after a full overnight scan, (beautiful, marvelous, wonderful Blink) still shows the high risk audit:DynaZip DUNZIP32.dll Buffer Overflow in Multiple Products - RealPlayert  CVE CVE-2004-1094, (requiring an):Upgrade to the latest version of DynaZip / McAfee / RealPlayer.  Any Idea?  Thanks!

 

 

 
 

 

Can you provide the file version (not product version) of "dunzip32.dll" located in "%programfiles%\Real\RealPlayer\" ?

Hi, Blue1978

Thanks, I'll try this after using my CCleaner which may erase any leftoverregistry stuff.

 

Something I've always wondered. . . . if I have no need - say for RealPlayer - (using Windows Player) - by totally removing (uninstalling) RealPlayer - will I still get the Blink audit I first referred to?

This particular audit doesn't use the registry.   It is checking a file used with RealPlayer.  So if you uninstall Realplayer and it removes all the binaries from "%programfiles%\Real\RealPlayer\" then you won't see the audit anymore.  Though before you uninstall it, can you provide what version of realplayer it is as well as the file version I've described above?

Try getting the information that nomuus asked you for first if you can.

RE: Can you provide the file version (not product version) of "dunzip32.dll" located in "%programfiles%\Real\RealPlayer\" ? I would be glad to provide that for you - but I don't know how to get it. If you can tell me exactly how to extract this information from my system I shall be glad to find it and give it to you. Please advise, thanks!

This should be located in:  C:\Program Files\Real\RealPlayer.

Right click on the "dunzip32.dll" and then select the "Version" tab.  Post the version of this file.

ok. Finally found it: Version: 5.0.0.3 (and tho' you didn't ask - thought I'd forward this as well: file description DynaZIP-32 Multi-Threading UnZIP DLL If Ii remove all - how will I know if the binary stuff is removed? Could you kindly walk me through that, too? Thanks!

I will leave that up to Nomuus to answer, he might have more questions for you regarding this.

Hi. I uninstalled RealPlayer.  Then ran CCleaner and ERUNT.  Will wait overnight for Blink to run a complete system check and will check back tomorrow if the subject audit still appears.  Thanks for all the help

Thanks, nomuus.  I uninstalled RealPlayer (including those I had to manually uninstall that Windows failed to uninstall)

then cleaned @ w/CCleaner, then ERUNT, then rebooted, then waited for the overnight scan by beautiful Blink and voila! the problem is

fixed!   

 

Last question: Going forward if I have other Blink audits for programs I don't use (aka QuickTime) may I just do the same things to

eliminate the program AND the audit?

Winifred:

Last question: Going forward if I have other Blink audits for programs I don't use (aka QuickTime) may I just do the same things to

eliminate the program AND the audit?

 

Yes, you can just un-install anything your not using.  Quite frankly that IS the best thing to do.  Preferrably, you do not want software installed on your system that your not using on a regular basis anyways.  It just makes for more work that you have to do to maintain your system as far as keeping things updated, patched, and have to chase after.  It just saves you from the headache in the long run.  The less complex your system is, the easier it is to secure from a security perspective too (less software installed also lessens the likely hood you will have software conflicts that will arise).

Keep in mind though, depending on what Retina is looking for (every audit has its own unique "vulnerable" component that it is looking for, whether it may be a file, registry key, etc).  If a particular component was left behind (after an un-installation of an application) and that was what Retina was looking for originally, then you might still have that audit show in Retina even though you have un-installed the application.  There are rare cases that this happens, BUT it has happened to me and this is also why I use CCleaner a lot now in attempts to avoid this issue.  Sometimes programs un-install themselves sloppy and leave registry keys, folders, and so forth behind on your system...it all depends.

My personal rule of thumb is to always un-install an older version of an application before I install a newer version of it (even if it is an update, unless the update requires the original installation to be able to add itself on to.)  I am this way with Blink.  Even though you should be okay with installing a newer version of Blink over the older one, I choose not to.

nomuus:

Though before you uninstall it, can you provide what version of realplayer it is as well as the file version I've described above?

 

Thanks SOOO much for that, Jeffrey  (I've archived it for myself going forward; and I feel empowered by your clear explanation.) I've oft wondered about doing just that - uninstalling anything I'm NOT using/and/or don't care for and then CCleaner and then ERUNT, rebooting, etc.  Something that has always driven me nuts (in the back of my mind - not the front - ) is WHY do I even have QuickTime - as I always associate it with Apple and I don't have an Apple PC - and it doesn't work well anyway!  I'm going to uninstall it now.

 

Do you know what really drives me to distraction?  - I am so computer UNFRIENDLY that when a Blink audit fix explains a required change of registry - although I have done some research - I am frozen.  Having gone through the terror of several blue screens in my life - I have NEVER (consciously) changed a registry - nothwithstanding beautiful Blink's advice; consequently I have @ 20 mild  outstanding audits telling me to do so.  Kinda funny, eh?

 

To show my appreciation to you - let me tell you about a small free application I ran across a few months ago - and now cannot live without: EditPad Lite.  It's an excellent AND QUICK little document editor which pops up instantly when needed and puts Open Office (which takes FOREVER to open) to shame.   Too, you do know about ERUNT, eh?  It's marvelous, powerful (and free.)

 

Anyway, I thank you again for all your help and advice and hope I haven't scared you from helping me in future.  ha ha ha  

 

Gratefully, Wini