Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: v 202.235 NOT signed by Adobe??
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Adobe Systems |
And, this specific program: Adobe Flash Player 11.x |
| DaaBoss | v 202.235 NOT signed by Adobe?? |
|---|---|
 |
8th May, 2012 02:07 |
|
Ranking: 0 Posts: 8 User Since: 31st Aug, 2011 System Score: N/A Location: US Last edited on 8th May, 2012 02:25 |
I hit the "Install Solution" button, which generally takes me to an Adobe site and downloads the file. This time, my browser simply downloaded the file, and then I ran it after downloading manually. But, this time, the W7 UAC told me it was "Publisher Unknown", which I didn't take note of at the time. But, when I ran it, nothing visible happened. I ran it again, and watched process explorer while opening it, and then exiting a few seconds later, with no UI showing. Next, I ran FileAlyzer2 to see if anything was strange. I found only one noticeable item, shown after the hashes below. Here are the hashes for the file as reported. Can someone verify if this is truly the right file and it is from Adobe?? CRC-32: 99203A17 CRC-16 (CCITT): F3EA CRC-16 (Standard): 052C MD4: 2CD3401D9ADA79B3BC4A406CE67A064A ed2k: 3498A729A59C73FB4A69FFB0E44A466D MD5: 449736049E0C845474C07F6A873740D8 SHA-0: 2DA0B8929808A502693CB4BDDAD8BDE19BC0203F SHA-1: 51E31B70B3E934EC03CFB35FFD4BB5B1CD4086A7 The anomoly is this: PE checksum does not match content The checksum calculated for this file (00443CB2) does not match the checksum stored inside the PE header (000365A5). Next I noticed that it was downloaded from DL.SECUNIA.COM and not Adobe. And, it was HTTP and not HTTPS So, one of my questions is: What happens if someone somehow places a different file on that server with the same file name? This is the first time I've posted out here for quite some time. I'm not generally paranoid, or, at least I don't usually worry because I've been paranoid at the right times. But this is a bothersome problem for me, and need to know how to have confidence that the install files I'm running are the right ones. Post here if you need more details. Here is the log file for the install of the Flash file: --START--- Program Name: Adobe Flash Player 11.x Security State: Insecure Download Link: http://dl.secunia.com/SPS/flashplayer_11.2.202.235... Instances Found: C:\Windows\SysWOW64\Macromed\Flash\Flash11f.ocx, version: 11.1.102.62 (ActiveX) C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_20 Last System Scan (localtime): 3. May 2012, 23:01 Operating System: Microsoft Windows 7, Microsoft Windows 7 ---END--- |
| This user no longer exists | RE: v 202.235 NOT signed by Adobe?? | ||||||||
|
|
8th May, 2012 09:46 | ||||||||
| Hi, As you can see, it was a file downloaded from "http://dl.secunia.com/SPS/". Any package found here is a "Secunia Packaging System" package. This means that we repack the binary (Without altering the contents) to make silent installation simpler. The contents themselves, however, are unmodified - We only provide a binary wrapper around the vendor installer. hope this helps. |
|||||||||
|
|||||||||
| ddmarshall | RE: v 202.235 NOT signed by Adobe?? | ||||||||
|
8th May, 2012 11:02 | ||||||||
| Score: 1129 Posts: 914 User Since: 8th Nov 2008 System Score: 100% Location: UK |
You also seem to be suffering from the previously noted phenomenon of PSI 2.0 failing to update both the Flash Player ActiveX and Netscape Plugin simultaneously. The ActiveX is version 11.1 and the Plugin is 11.2. I recommend that you go to http://www.adobe.com/software/flash/about/ with Internet Explorer and another browser such as Firefox to verify that you have the latest versions installed. If not, download from here: http://get.adobe.com/flashplayer/ . The latest version of the Flash Player Updater will update both versions automatically if you set the Flash Player options to check for updates and install them automatically. http://blogs.adobe.com/asset/2012/03/an-update-for... -- This answer is provided “as-is.” You bear the risk of using it. |
||||||||
|
|||||||||
