Nmap Development mailing list archives
Re: Security update for Microsoft Visual C++ 2008 (vcredist_x86.exe)
From: Michael Pattrick <mpattrick () rhinovirus org>
Date: Tue, 2 Mar 2010 21:41:52 -0500
On Tue, Mar 2, 2010 at 8:07 PM, David Fifield <david () bamsoftware com> wrote:
I can't pretend to understand all of what this is about, but it seems it doesn't lead to any security vulnerability in Nmap? The discussion seems mostly to be about ActiveX controls, and that the presence of the version of the file we install could open vulnerabilities in other programs.
Hey David, A good metric for determining if your software is vulnerable can be found at [0]. Succinctly, because Nmap doesn't use Microsofts proprietary COM interface, we have nothing to worry about. If memory serves, patch action was really only required for Microsoft Visual Studio developers, not runtime distributions; because affected programs needed to be recompiled with the new headers, whereas Microsoft is nice enough to automatically push down this update automatically via windows update to end users. Cheers, Michael [0] http://msdn.microsoft.com/en-us/visualc/ee309358.aspx _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Security update for Microsoft Visual C++ 2008 (vcredist_x86.exe) Axel.Pettinger (Feb 14)
- Re: Security update for Microsoft Visual C++ 2008 (vcredist_x86.exe) David Fifield (Mar 02)
- Re: Security update for Microsoft Visual C++ 2008 (vcredist_x86.exe) Michael Pattrick (Mar 02)
- Re: Security update for Microsoft Visual C++ 2008 (vcredist_x86.exe) David Fifield (Mar 02)