Identify Reported Vulnerabilities - Potential False Positives

Question asked by bitrover on Feb 28, 2013
Latest reply on Mar 1, 2013 by downinej



I've seen quite a few threads around the false positive topics, but I'd like to know what investigations I can do on my own before reporting a finding as a false positive to Qualys for review.


As a concrete example: I have a server that shows MS12-079 - Microsoft Word Remote Code Execution Vulnerability, QID 90551, which is Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS09-062).  I have checked this server and it does not have ANY Office products installed.


Is there a way to obtain more info (e.g. within Qualys) to find out exactly what file / DLL / executable it identified that triggered it to believe this vulnerability exists?  The above mentioned vulnerability is just an example, not the focus.