navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI in error

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
Mike_Perry PSI in error
Member 14th Dec, 2011 16:23
Ranking: -10
Posts: 11
User Since: 14th Dec, 2011
System Score: N/A
Location: UK
PSI is reporting that on one specific account on this PC the Adobe Flash Player is out of date, claiming one file is 'old'. The other three accounts do not have this reported as out of date. Adobe Flash Player 11 has been re-installed as available in all accounts and still this error appears.
The reports states:
---START---

Program Name:
Adobe Flash Player 10.x (NPAPI)

Security State:
Insecure

Download Link:
http://fpdownload.macromedia.com/get/flashplayer/c...

Instances Found:
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll, version: 10.3.181.34 (NPAPI)

Last System Scan (localtime):
14. Dec 2011, 13:18

Operating System:
Microsoft Windows XP Professional,

---END---

Checking the actual file shows it to be Version 11.1.102.55, so PSI is wrong!

Secunia need to correct this error. How do I prevent it reporting this wrongly again?

Maurice Joyce RE: PSI in error
Handling Contributor 14th Dec, 2011 16:49
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
That is a well known file that gets left behind during an update.


DELETING A FILE OR FOLDER USING PSI VERSION 2

To delete a vulnerable file or folder found by PSI try this:

1. Open PSI>Scan results.

2. Against the programme marked as vulnerable is a + sign to the left of it.

3. Click that & it will reveal DETECTED INSTANCES.

4. Below that are two yellow folders. Click the one WITHOUT a red dot.

5. That will open Windows Explorer & U will be able to see the vulnerable files or folders.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll, version: 10.3.181.34 (NPAPI)

6. Right click on it & select delete.

7. Carry out a full PSI scan & all should be in order.

Update 1 20:49 09/03/2011


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+5
-1

Mike_Perry

RE: PSI in error
[+]
This reply has been minimised due to a negative Relevancy Score.
ddmarshall RE: PSI in error
Dedicated Contributor 14th Dec, 2011 20:06
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I would only run PSI scans from the account you used to install PSI. I've found if you run it from different administrator accounts, you get multiple sets of results on the Secunia server, which can be confusing.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+4
-1
Maurice Joyce RE: PSI in error
Handling Contributor 14th Dec, 2011 23:11
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I would like to see the technical evidence from Adobe to support this statement "The file in question is NOT one left behind but the one installed by the newer version"

That is certainly not the case with the Active X version where the 3 files are all version 11.1.102.55.

What is unsafe about deleting a file from Flash? What becomes unsafe?

If U remain adamant that PSI is incorrect just create an ignore rule from within PSI.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-1

Mike_Perry

RE: PSI in error
[+]
This reply has been minimised due to a negative Relevancy Score.

Mike_Perry

RE: PSI in error
[+]
This reply has been minimised due to a negative Relevancy Score.
HeidiEmmy RE: PSI in error
Member 15th Dec, 2011 00:41
Score: -1
Posts: 1
User Since: 15th Aug 2009
System Score: N/A
Location: N/A
good morning,

i have got a message from flash player that there is a mistake by loading the player
Was this reply relevant?
+0
-1
Maurice Joyce RE: PSI in error
Handling Contributor 15th Dec, 2011 02:59
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK

Because U claim to fully understand these things I am sure U can now sort it out yourself.Here are the Flash Standalone details U need to investigate:

U have remnants of Flash version 10.3.181.34 installed which PSI has warned U about.
The installer details are:
CRC32: F1220185
MD5: 75D4CA55DB16CDF5D3B604DF23A66210
SHA-1: 2E834F95880FD0B96A9DB93FF48F1E4178EE0913

This is an old file dated June 29th 2011 & Secunia are rightly telling U to remove it


On your opening post PSI gave U a link from Secunia to update to version 10.3.183.11
The installer details are:
CRC32: F1220185
MD5: 75D4CA55DB16CDF5D3B604DF23A66210
SHA-1: 2E834F95880FD0B96A9DB93FF48F1E4178EE0913

This file was available for download on 22 September 2011


U have clearly not used the PSI link (which is OK) but have installed the latest version 11.1.102.55
The installer details are:
CRC32: 725C8CED
MD5: CA9C9A4A754AE442AA9F18FC304A3751
SHA-1: F1F76C35564C9F842A7E005D97F5008173466D46

This was available for download on 11 November 2011

I can find no version 10 files in this download which blows your theory out of the window

U should also bare in mind that once U have sorted out this problem version 11 remains vulnerable as explained here:

http://secunia.com/advisories/47161/ with more detail here http://archives.neohapsis.com/archives/dailydave/2...



The quickest way to resolved your issue is the well tried & tested method here:
UPDATING THE STANDALONE ADOBE FLASH PLAYER

1. Download & SAVE these to desktop.

IE & Other Browsers using the Trident Rendering Engine.

http://fpdownload.adobe.com/get/flashplayer/curren...

& then here, if U have any Gecko based browsers that does not have Flash embedded.

http://fpdownload.adobe.com/get/flashplayer/curren...


2. The installer will appear on the desk top. THE IMPORTANT BIT - Before agreeing to install Flash check these programmes are completely shut down (use the Task Manager if necessary to COMPLETELY EXIT these processes if running):
a. All Browsers.
b. Windows Messenger.
c. Incredimail.
d. All Adobe Products.
e. PSI - Unless using version 2

3. The new install will then remove all old files during the update process.

4. Complete a PSI rescan & all should be in order.
5. Delete the Flash installer(s) file(s) from the desktop.

If U want to double check Flash is working & the version installed click here: http://www.adobe.com/software/flash/about/ If using IE9 ActiveX Filtering must be disabled via IE>Tools before testing

Go to Start>Control Panel>click the Flash Player (32 Bit) icon>check the settings are to your requirements.

Update 9 20:18 07/12/2011












--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+6
-1
Mike_Perry RE: PSI in error
Member 15th Dec, 2011 11:10
Score: -10
Posts: 11
User Since: 14th Dec 2011
System Score: N/A
Location: UK
The PC in question runs XP Pro SP3, fully patched.

There are no discoverable instances of any 'remnants' of version 10.x and Adobe systems do not show any either. Control Panel>Add/remove programs only shows version 11.x.

All files I can find relating to Flash show them as version 11.x.

Three of the accounts are unaffected by this reporting error though they ALL use the same installation done from the admin account, only one account is affected. Since PSI 2 is unable to find any version 10.x files in three of the accounts, including admin, it is suspicious that in only one account PSI 2 is finding what it is reporting as a file needing to be updated.

Rescanning in all four accounts returns the same discrepancy, three accounts fine, one needing an update! Even though they are all using the same files!

I have compared with another similar PC that runs similar software sets and cannot find any differences relating to Flash, all have the same files with the appropriate version 11.x references.

I have done a complete removal of Adobe Flash from the affected PC, checked it is not available in all four accounts, checked there is no visible remnants left (with System files set to be displayed) and rebooted, checked again that there is no presence of Flash, downloaded the very latest available from Adobe and re-installed. PSI 2 still insists that in one account only there is an update issue! All other accounts are unaffected.

So I put this down to a quirk in PSI 2.
Was this reply relevant?
+0
-1
Maurice Joyce RE: PSI in error
Handling Contributor 15th Dec, 2011 11:29
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
U have not fully explained how U have tried to correct the issue with the affected PC.

What did U use to uninstall Flash? Control Panel>add/remove or the recommended uninstaller from Adobe?

Once uninstalled did U run a full PSI scan before attempting to reinstall the updated version?

If not,U have no idea whether your uninstaller method actually worked..Attempting to uninstall Flash when it is in use with NOT clear out all the files nor will a reinstall clear out the old files or overwrite them. I believe this is your problem.

If U are adamant that the vulnerable file does not exist take a snapshot of all your Flash files in Windows Explorer & publish them to the Forum.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
ddmarshall RE: PSI in error
Dedicated Contributor 15th Dec, 2011 22:24
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It is not necessary to run PSI on each account. Any scan will examine all files on the disk. PSI does not look at 'per user' information such as the HKCU Registry key to establish which programs are installed.

I don't know about XP but on later operating systems it is impossible to run the PSI interface as a standard user. If you try, you get a UAC prompt and have to enter an administrator password. So you will be running in the context of the administrator. I discovered when I ran a scan in a second account that PSI kept a separate set of scan results on the server. This set is unaffected by the scheduled scan. So today when I opened PSI on the second account, it quite happily told me the last scan was on 4th February and listed all the software that was installed then as 100% patched. You can see that there is a separate set of results for each user on the server by requesting a token in the API tab in Settings. You get a different token for each account.

From my experience I would not be surprised to get peculiar results when running PSI in different accounts.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0

Mike_Perry

RE: PSI in error
[+]
This reply has been minimised due to a negative Relevancy Score.

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+