navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: v 202.235 NOT signed by Adobe??

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 11.x

This thread has been marked as locked.
DaaBoss v 202.235 NOT signed by Adobe??
Member 8th May, 2012 02:07
Ranking: 0
Posts: 8
User Since: 31st Aug, 2011
System Score: N/A
Location: US
Last edited on 8th May, 2012 02:25

I hit the "Install Solution" button, which generally takes me to an Adobe site and downloads the file. This time, my browser simply downloaded the file, and then I ran it after downloading manually. But, this time, the W7 UAC told me it was "Publisher Unknown", which I didn't take note of at the time. But, when I ran it, nothing visible happened. I ran it again, and watched process explorer while opening it, and then exiting a few seconds later, with no UI showing.

Next, I ran FileAlyzer2 to see if anything was strange. I found only one noticeable item, shown after the hashes below.
Here are the hashes for the file as reported. Can someone verify if this is truly the right file and it is from Adobe??

CRC-32: 99203A17
CRC-16 (CCITT): F3EA
CRC-16 (Standard): 052C
MD4: 2CD3401D9ADA79B3BC4A406CE67A064A
ed2k: 3498A729A59C73FB4A69FFB0E44A466D
MD5: 449736049E0C845474C07F6A873740D8
SHA-0: 2DA0B8929808A502693CB4BDDAD8BDE19BC0203F
SHA-1: 51E31B70B3E934EC03CFB35FFD4BB5B1CD4086A7

The anomoly is this:
PE checksum does not match content
The checksum calculated for this file (00443CB2) does not match the checksum stored inside the PE header (000365A5).

Next I noticed that it was downloaded from DL.SECUNIA.COM and not Adobe. And, it was HTTP and not HTTPS So, one of my questions is: What happens if someone somehow places a different file on that server with the same file name?

This is the first time I've posted out here for quite some time. I'm not generally paranoid, or, at least I don't usually worry because I've been paranoid at the right times. But this is a bothersome problem for me, and need to know how to have confidence that the install files I'm running are the right ones.

Post here if you need more details. Here is the log file for the install of the Flash file:

--START---

Program Name:
Adobe Flash Player 11.x

Security State:
Insecure

Download Link:
http://dl.secunia.com/SPS/flashplayer_11.2.202.235...

Instances Found:
C:\Windows\SysWOW64\Macromed\Flash\Flash11f.ocx, version: 11.1.102.62 (ActiveX)
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_20 2_228.dll, version: 11.2.202.228 (NPAPI)

Last System Scan (localtime):
3. May 2012, 23:01

Operating System:
Microsoft Windows 7, Microsoft Windows 7

---END---

This user no longer exists RE: v 202.235 NOT signed by Adobe??
Member 8th May, 2012 09:46
Hi,

As you can see, it was a file downloaded from "http://dl.secunia.com/SPS/".

Any package found here is a "Secunia Packaging System" package. This means that we repack the binary (Without altering the contents) to make silent installation simpler.

The contents themselves, however, are unmodified - We only provide a binary wrapper around the vendor installer.

hope this helps.
Was this reply relevant?
+0
-0
ddmarshall RE: v 202.235 NOT signed by Adobe??
Dedicated Contributor 8th May, 2012 11:02
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
You also seem to be suffering from the previously noted phenomenon of PSI 2.0 failing to update both the Flash Player ActiveX and Netscape Plugin simultaneously. The ActiveX is version 11.1 and the Plugin is 11.2.

I recommend that you go to http://www.adobe.com/software/flash/about/ with Internet Explorer and another browser such as Firefox to verify that you have the latest versions installed. If not, download from here: http://get.adobe.com/flashplayer/ .

The latest version of the Flash Player Updater will update both versions automatically if you set the Flash Player options to check for updates and install them automatically.
http://blogs.adobe.com/asset/2012/03/an-update-for...


--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+