In cases where Qualys flags a vulnerability due to the detection of a remnant DLL (I see this a fair amount with old versions of Java and Flash), as opposed to a missing patch, are there additional checks done at that point to determine if the specific DLL(s) in question are registered? My thought is if a vulnerable DLL is not registered, then it consequently doesn’t produce a threat to the machine, as programs should not be able to find it and therefore cannot use it to take advantage of the vulnerability.
A couple of questions come to mind:
- If a DLL is unregistered, is there still a threat?
- Does Qualys check to see if certain DLLs are/are not registered?
OR am I thinking of this totally backwards, and the mere fact that the scanner is able to determine the file path of the DLL (in the Results section) shows that it is in fact registered?
Just asking out of curiosity. Any clarification would be much appreciated!
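One way to answer the "is this DLL registered?" question locally, as an added example that is not part of the original post and says nothing about how Qualys itself performs its checks: take the file path from the scan result and look for COM in-process server registrations pointing at that file, and check whether its directory is one the default DLL search order consults. The DLL path below is a placeholder, not a real finding.

```powershell
# Added example (not from the original post or from Qualys). Given the path a scanner
# reported for a flagged DLL, check (a) whether any CLSID registers it as a COM
# InprocServer32 and (b) whether its directory is on the default DLL search path.
# A DLL that fails both checks can still be loaded by a program that passes its full
# path to LoadLibrary, so this narrows the exposure; it does not prove there is none.
param(
    [string]$DllPath = 'C:\Program Files\Example\OldComponent.dll'  # placeholder path
)

$dllName = [System.IO.Path]::GetFileName($DllPath)
$dllDir  = [System.IO.Path]::GetDirectoryName($DllPath).TrimEnd('\')

# (a) COM registration: walk every CLSID (64-bit and 32-bit views) and collect those
#     whose InprocServer32 default value resolves to a file with this DLL's name.
$clsidRoots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
              'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
$comHits = foreach ($root in $clsidRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $srvKey = Join-Path $_.PSPath 'InprocServer32'
        if (-not (Test-Path $srvKey)) { return }
        $raw = (Get-ItemProperty -Path $srvKey -ErrorAction SilentlyContinue).'(default)'
        if (-not $raw) { return }
        $resolved = [System.Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
        if ([System.IO.Path]::GetFileName($resolved) -ieq $dllName) {
            [pscustomobject]@{ CLSID = $_.PSChildName; InprocServer32 = $raw }
        }
    }
}

# (b) Default search order (application directory and current directory excluded here):
#     System32, SysWOW64, the Windows directory, then each PATH entry.
$searchDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot) +
              ($env:Path -split ';' | Where-Object { $_ })
$onSearchPath = [bool]($searchDirs | Where-Object { $_.TrimEnd('\') -ieq $dllDir })

[pscustomobject]@{
    Dll                 = $DllPath
    FileExists          = Test-Path -LiteralPath $DllPath
    ComRegistrations    = @($comHits).Count
    OnDefaultSearchPath = $onSearchPath
}
$comHits | Format-Table -AutoSize
```

Run it in an elevated session if HKCR reads are denied; zero COM hits plus a directory off the search path means ordinary callers would not find the file through registration or name-only loading, which is the narrow sense of "unregistered" the question is asking about.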