Addsum web site and general info

Postings here will focus mainly on Advanced Accounting software updates, tips, and related topics. They will also include general comments relating to troubleshooting PC/Windows/network problems and may also include reference to our other software products and projects including any of our various utilities, or to the TAS Premier programming language. We considered setting up separate blogs for different topics so that users/others could subscribe to topics mostly aligned with their interests, but decided that it would be better to keep things simple since some topics cross over into others. We would nonetheless welcome your feedback/input in this regard. Our web site URL is www.addsuminc.com. Call us at 800-648-6258 or 801-277-9240. We also maintain www.advancedaccounting.us so that older Business Tools users in particular have a greater chance to find us.


Thursday, April 27, 2017

Keyhelp.ocx vulnerability relating to Actian PSQL 12 install

A TAS Premier 7i runtime user of a third-party vertical market software system (for which we provide support assistance as well as programming) has reported receiving the following notice from their security vulnerability analysis software about a file installed by Actian/Pervasive version 12:

Description: The remote host has KeyWorks KeyHelp ActiveX control installed, which is affected by multiple vulnerabilities 

- Multiple stack-based buffer overflows exist that could allow an
attacker to execute arbitrary code. (CVE-2012-2515)

- An unspecified command injection vulnerability. (CVE-2012-2516)


KEYHELP.OCX is part of the PSQL 12 install and is not harmful. It is, however, a non-essential control with respect to the Pervasive engine.

See:

https://supportactian.secure.force.com/help/articles/Technical_Document/Keyhelp-ocx-reported-as-a-security-vulnerability-by-security-analyzer-utilities

https://supportactian.secure.force.com/help/articles/Bug_Document/Actian-Security-Vulnerabilities-NoticePSQL/




Note that Actian recommends the removal of this control (which is only used when running the Pervasive System Analyzer, aka the PSA tool). It will not be shipping with future updates to the v12 engine starting with service pack 1, i.e. 12.10.

For users with older installations of version 12 (i.e. prior to 12.10), the instructions in the second link above are repeated below:


You can prevent the installation of this file by using the 'Custom' Setup Type option, and changing the installation option for the optional utility to 'This feature will not be available' during the installation. Alternatively, it can be removed from an existing PSQL installation by modifying the installation to remove the optional utility by selecting 'Uninstall/Change' from Programs and Features, selecting the default 'Modify' option and removing the utility from the installation.
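
After modifying the installation, the following PowerShell check can confirm that the control is gone before the scanner is re-run. It is an added example, not part of Actian's instructions or this post; the folders searched are assumptions, since the install location of keyhelp.ocx is not stated here.

```powershell
# Added example: report remaining copies and COM registrations of keyhelp.ocx.
# Run from an elevated prompt so protected folders can be read.

# Assumed search roots (the page does not give the PSQL 12 install path).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
           "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

# 1. Copies of the file still on disk.
$files = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter 'keyhelp.ocx' -File -Recurse -ErrorAction SilentlyContinue
}

# 2. COM classes whose in-process server still points at the file.
#    Both the native and the 32-bit (WOW6432Node) registry views are checked.
$clsidRoots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
              'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
$registrations = foreach ($clsidRoot in $clsidRoots) {
    if (-not (Test-Path -LiteralPath $clsidRoot)) { continue }
    Get-ChildItem -Path $clsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $inproc = Join-Path $_.PSPath 'InprocServer32'
        if (Test-Path -LiteralPath $inproc) {
            # GetValue('') reads the key's default value: the server DLL/OCX path.
            $server = (Get-Item -LiteralPath $inproc).GetValue('')
            if ($server -match 'keyhelp\.ocx') {
                [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
            }
        }
    }
}

# 3. Report.
if ($files) {
    $files | Select-Object FullName,
        @{ Name = 'FileVersion'; Expression = { $_.VersionInfo.FileVersion } },
        LastWriteTime | Format-List
}
if ($registrations) { $registrations | Format-Table -AutoSize }
if (-not $files -and -not $registrations) {
    Write-Output 'keyhelp.ocx: no file copies or COM registrations found.'
} else {
    Write-Output 'keyhelp.ocx is still present; see the entries listed above.'
}
```

A registration entry with no matching file on disk indicates a leftover registry key only; a file with no registration means the control is still on disk but not registered for use.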










