Your Privacy Matters: We use our own and third-party cookies to improve your experience on our website. By continuing to use the website we understand that you accept their use. Cookie Policy
Security Issue found in Veracode Scan


one of our customer requested a Security Scan of our Software using the VeraCode Platform. ( ...

We uploaded all of our binaries and started a scan. 

In this version of our Software, we use Infragistics 15.1 for our UI Components...

The Security Scan resulted in a few security issues, and some of them were located in the Infragistics Binaries:

1.) Infragistics.Win.UltraWinDock.Menus.UltraContextMenuManager - Attack Vector : user32_dll.SetWindowsHookExA() 

Refereneces :

2.) Infragistics.Win.KeyboardHookManager - Attack Vector : user32_dll.SetWindowsHookExW

Refereneces :

3.) Infragistics.Win.DropDownManager.ActivationChangeHookManager - Attack Vector : user32_dll.SetWindowsHookExW

Refereneces :

Since these issues are flagged as high risk, our customer will definitely complain about them, and we cannot get rid of the Infragistics references...

Is there a way to fix this problem on our side? Are you aware of these issues?

Thank you for your help... 

  • 12480
    Offline posted

    Hi Luca,

    This issue comes up from time to time, and it is normally okay to leave it alone once we've verified that the warning is expected. In order to determine that, we'll need to know which IG DLLs reported the flaw. Veracode should provide a call stack that we can use to determine the code path that was followed to invoke those SetWindowsHook calls. Please provide this so we can investigate.

    If you would prefer not to provide this information on the public forum, please let me know and I will open a private case for you.

Reply Children