what you don't know can hurt you

OpenLimit Reader Vulnerable Components

OpenLimit Reader Vulnerable Components
Posted Jun 26, 2012
Authored by Stefan Kanthak

OpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.

tags | advisory
MD5 | cba35307c4a79af3a60bc1a77bfe05e4

OpenLimit Reader Vulnerable Components

Change Mirror Download
Hi @ll,

the OpenLimit reader (<https://www.openlimit.com/en/products/reader.html>
and <https://www.openlimit.com/en/products/reader/download-reader.html>),
an application aimed to provide security by validating X.509 signatures
and signing PDFs inside Adobe Reader, contains completely outdated,
superfluous and vulnerable components, which comprise 40% (SIC!) of the
whole installation package!


JFTR: the downloadable self-extracting setup program "OLReader2502_DE.exe"
as well as the contained files (SETUP.EXE, SCSetup\WS*.DLL) are all
signed with an X.509 certificate valid until 2012-05-26T23:59:59Z.

Fortunately some wise guy but missed to time-stamp the signed files,
Windows treats the signature as invalid since 2012-05-27T00:00:00Z.-P


According to it's manufacturer, this application supports Windows 2000
and later versions.

The self-extracting setup program "OLReader2502_DE.exe" extracts the
following 3rd party files (ALL are updates/installers from Microsoft)
into "%TEMP%\SignCubesInstall":


INSTMSI.EXE 12.0.2600.2 from 2002-02-19

the installation package of "Microsoft Installer 2.0".

A newer version of Microsoft installer is part of ALL supported
versions of Windows, this package MUST NOT be run there; cf.
<http://msdn.microsoft.com/en-us/library/aa369548.aspx>!


INSTMSIW.EXE 6.0.2448.0 from 2002-02-19

the installation package of "Microsoft Installer 2.0" for the
unsupported platforms Windows 9x/ME!


OUT128.EXE 5.5.3131.1 from 2000-12-02

a superseded patch for the unsupported Outlook 2000.


SCBASE_D.EXE 4.71.1015.0 from 1998-04-17

a superseded patch for the unsupported platforms Windows NT4 and
Windows 9x for the installation of the "Microsoft Win32 Smart Card
Base Components v1.0".

A newer version of this component is part of ALL supported versions
of Windows!


ATL.MSI

a superseded installer, containing two outdated and vulnerable

ATL.DLL 3.0.8449.0 from 2000-11-02

for the unsupported platforms Windows NT4 and Windows 9x.

A newer version of this file is part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there; cf.
<http://msdn.microsoft.com/en-us/library/ms954376.aspx>!


COMCAT.MSI (TOTALLY superfluous, since contained in other *.MSI too!)

a superseded installer, containing the outdated and vulnerable

COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platform Windows NT4.

A newer version of this file is part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


COMCT232.MSI (TOTALLY superfluous, since contained in other *.MSI too!)

a superseded installer, containing the outdated and vulnerable

COMCT232.OCX 6.0.80.22 from 1998-06-24
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


COMCT332.MSI

a superseded installer, containing the outdated and vulnerable

COMCT332.OCX 6.7.0.8988 from 2000-12-06
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


COMCTL32.MSI

a superseded installer, containing the outdated and vulnerable

COMCTL32.OCX 6.0.81.5 from 2000-05-23
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


COMDLG32.MSI

a superseded installer, containing the outdated and vulnerable

COMDLG32.OCX 6.0.84.18 from 2000-05-23
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


MFC42.MSI

a superseded installer, containing the outdated and vulnerable

MFC42.DLL 6.0.8665.0 from 2000-04-06
MSVCRT.DLL 6.0.8797.0 from 2000-04-06
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


MSCOMCT2.MSI (replaced the older COMCT232.MSI!)

a superseded installer, containing the outdated and vulnerable

COMCT232.OCX 6.0.88.4 from 2000-05-23
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


MSCOMCTL.MSI

a superseded installer, containing the outdated and vulnerable

MSCOMCTL.OCX 6.0.88.62 from 2000-05-23
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


MSVBVM60.MSI

a superseded installer, containing the outdated and vulnerable

MSVBVM60.DLL 6.0.89.64 from 2000-11-08
OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28
COMCAT.DLL 4.71.1460.1 from 1998-12-09

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


MSVCIRT.MSI

a superseded installer, containing the outdated and vulnerable

MSVCRT.DLL 6.0.8797.0 from 2000-04-06
MSVCIRT.DLL 6.0.8168.0 from 2000-04-06

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


MSVCP60.MSI

a superseded installer, containing the outdated and vulnerable

MSVCRT.DLL 6.0.8797.0 from 2000-04-06
MSVCP60.DLL 6.0.8972.0 from 2000-08-29

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


MSVCRT.MSI (TOTALLY superfluous, since contained in other *.MSI too!)

a superseded installer, containing the outdated and vulnerable

MSVCRT.DLL 6.0.8797.0 from 2000-04-06

for the unsupported platforms Windows NT4 and Windows 9x.

A newer version of this file is part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


OLEAUT32.MSI (TOTALLY superfluous, since contained in other *.MSI too!)

a superseded installer, containing the outdated and vulnerable

OLEAUT32.DLL 2.40.4275.1 from 2000-04-12
ASYCFILT.DLL 2.40.4275.1 from 1999-03-08
OLEPRO32.DLL 5.0.4275.1 from 1999-03-08
STDOLE2.TLB 2.40.4275.1 from 2000-03-28

for the unsupported platforms Windows NT4 and Windows 9x.

Newer versions of these files are part of ALL supported versions
of Windows and MUST NOT be redistributed or installed there!


Fortunately the "Windows File Protection" fixes most of the damage done
by the installation of this piece of crap^W^W^Wwell engineered software
and restores the overwritten system files.


On Windows 5.x the following overwritten registry entries are but NOT
fixed:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InProcServer32]
@="C:\\WINDOWS\\system32\\MFC42.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InProcServer32]
@="C:\\WINDOWS\\system32\\MFC42.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InProcServer32]
@="C:\\WINDOWS\\system32\\MFC42.DLL"

MFC42.DLL is the ANSI version of this system DLL, suitable for Windows
9x/ME. Windows NT* but needs the UNICODE version of this DLL, named
MFC42U.DLL. As result, UNICODE programs which use MFC42.DLL will fail!


To complete the sad story: before the installation ALL system DLLs were
registered with their fully qualified pathnames and were not vulnerable
to "binary planting" attacks (<http://support.microsoft.com/kb/2269637>
and <http://support.microsoft.com/kb/2264107>).


After the installation, the Windows installation was vulnerable again
(modulo the "Known DLLs"):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InProcServer]
@="ole2disp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InProcServer]
@="ole2disp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InProcServer]
@="ole2disp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InProcServer]
@="ole2disp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InProcServer]
@="ole2disp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InProcServer]
@="ole2disp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InProcServer32]
@="oleaut32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InProcServer32]
@="oleaut32.dll"


Stefan Kanthak


Timeline:

2012-05-19 vendor informed

... no reaction until

2012-06-25 report published

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close