navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Outdated flash player

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 11.x

This thread has been marked as locked.
mickymik Outdated flash player
Member 15th May, 2012 19:27
Ranking: 1
Posts: 9
User Since: 3rd Oct, 2010
System Score: N/A
Location: UK
Last edited on 15th May, 2012 19:33

Hi, I was looking at the dashboard of a security program called Trusteer Rapport, and it was reporting that my flash player was outdated. I ran a scan withe Secunia PSI 3 beta and was told all programs were upto date. In my firefox add ons section it reports I have the flash plug in 11.2..202.197 last updated Feb 16
I am confused, I will delete the plug in immediately and install the latest, can anyone explain this. Thanks

ddmarshall RE: Outdated flash player
Dedicated Contributor 15th May, 2012 23:51
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
11.2.202.197 was a Beta version. This means that PSI would not monitor it.

Be sure to check your Internet Explorer ActiveX as well as the Firefox plugin. They have to be downloaded separately.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
Anthony Wells RE: Outdated flash player
Expert Contributor 16th May, 2012 00:53
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello ,

I would like to tag on to this thread as there are other detection problems with Adobe Flash in PSI version 2.x and therefore possibly in version 3Beta .

ddm has repeatedly pointed out (two or three threads , at least) that the "auto-update" by the PSI often tends to update only one or other of the ActiveX or the NPAPI plug-in when both are installed on a system .

My current display after a full (weekly) scan shows FOUR installations/detected instances :-

1) is in my Chrome Canary Browser (not normally everfollowed by the PSI(alpha nightly build)) and shows as the only "patched Actual Installation" at :

C:\Documents and Settings\MyName\Local Settings\Application Data\Google\Chrome SxS\Application\21.0.1137.0\gcswf32.dll, version 11.3.300.250 (NPAPI)

2)is in my Chrome Frame (not Browser) BHO Stable version as a patched Zombie installation at :

C:\Program Files\Google\Chrome Frame\Application\19.0.1084.46\gcswf32.dll, version 11.2.202.235 (NPAPI)

whilst 3) and 4) are the regular patched but now classified as "Zombie Installations" of the 11.2.202.235 verions of ActiveX and NPAPI plug-ins in their normal/correct ...\System32\Macromed\... folder .

As I type , PSI has just added a second "Actual installation" for the Canary browser which has just updated itself ; so FIVE detected instances in all atm .

This must cause a problem for the Secunia silent update (SPS) detection/installation .

My Chrome Dev Channel (Alpha) Browser Flash installion is not being picked up at all which is to be expected ; but not yet ruled out .

I do believe Secunia need to look into this problem of faulty detection and incomplete updating of Adobe Flash in the PSI version 2.x and certainly before they push out version 3Beta3 .

Take care

Anthony




--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Anthony Wells RE: Outdated flash player
Expert Contributor 16th May, 2012 23:55
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Just to update for Chrome users and Support ; the tray icon continues to give me update pop-ups as my Canary breeds a new version .

The actual browser (alpha nightly build) is (correctly) not displayed as such by the PSI only the Flash file(s) ; again , the gcswf32.dll, 11.3.300.250 (NPAPI) versions of the Flash file ,which is/are are Beta 3 version(s) are (incorrectly) monitored and display as the "patched actual installations" ; of course , the older version of the actual browser is a "zombie" . So there you go .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mickymik RE: Outdated flash player
Member 17th May, 2012 14:19
Score: 1
Posts: 9
User Since: 3rd Oct 2010
System Score: N/A
Location: UK
on 15th May, 2012 23:51, ddmarshall wrote:
11.2.202.197 was a Beta version. This means that PSI would not monitor it.

Be sure to check your Internet Explorer ActiveX as well as the Firefox plugin. They have to be downloaded separately.


Thanks for your answer. It does not sound good if Secunia does not check beta versions.As far as I know there were several proper versions after mine
11.2.202.228
11.2.202.233
11.2.202.235
So in future , I guess I will not use beta's.
I have disabled I.E and do not have any flash for that
Many thanks for your help
Was this reply relevant?
+0
-0
Anthony Wells RE: Outdated flash player
Expert Contributor 17th May, 2012 14:31
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello again ,

Just to repeat , at present , my PSI 2.0x is detecting and displaying a Flash Beta version in my two Alpha Chrome browsers (one in each) :-

1) In Canary at C:\Documents and Settings\UserName\Local Settings\Application Data\Google\Chrome SxS\Application\21.0.1137.1\gcswf32.dll, version 11.3.300.250 (NPAPI)

And now today , 2) in the Dev Channel , since it has updated it's embedded FLash to the Beta 3 , at C:\Documents and Settings\UserName\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.8\gcswf32 .dll, version 11.3.300.250 (NPAPI)

This is a new situation and Secunia Support have yet to comment . If you wish for a quicker response on this Beta detection "anomaly" from them you could email them at support@secunia.com .

Take care

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+