Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 11.x

This thread has been marked as locked.
dickvisser 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?
Member 31st Oct, 2012 10:00
Ranking: 2
Posts: 15
User Since: 14th Mar, 2012
System Score: N/A
Location: NL
Hi guys

Just trying out the new Windows 8.
PSI sees a vulnerable Flash version in C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31 bf3856ad364e35_6.2.9200.16426_none_8f0117bf278213e a, but when trying to update PSI keep stuck at status "Verifying update".

According to Adobe (http://www.adobe.com/software/flash/about/), 11.3.375.10 is actually the one for Windows 8. And it looks like this one isn't possible to update by external tools such as PSI.

So either Secunia incorrectly flags this as being vulnerable, or Microsoft ships a vulnerable version that is not patchable.

It the latter is true (which I think it is), then Secunia should not try to update it and just flag it as insecure, instead of trying to update it and constantly fail.

Microsoft should not have shipped a vulnerable version to begin with, and patch it as soon as possible when it became known.

ddmarshall RE: 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?
Dedicated Contributor 31st Oct, 2012 14:37
Score: 1212
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
The Flash Player in Windows 8 is not vulnerable.
Microsoft issued 11.3.375.10 on 8th October simultaneously with Adobe releasing 10.4.402.287.

See http://technet.microsoft.com/en-us/security/adviso... which references the Adobe Security Bulletin http://www.adobe.com/support/security/bulletins/ap...

That said, PSI should not be picking up files in WinSxS.

If you did an in-place upgrade to Windows 8, have the IE 9 versions of the ActiveX modules been left behind? It might be worth running the Flash Player uninstaller to see if that helps.


--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
billmowat RE: 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?
Member 1st Nov, 2012 01:44
Score: 0
Posts: 2
User Since: 1st Nov 2012
System Score: N/A
Location: US
I just upgraded in place from Windows 7 to Windows 8. I ran a full scan after the upgrade, and I get the following report for Adobe Flash player. By the way, I have checked at adobe.com to make sure the version I have is correct for Windows 8, but secunia still shows it as out of date.

This needs to be fixed by secunia, IMHO.

Thanks!

Program Name:
Adobe Flash Player 11.x

Security State:
Insecure

Download Link:
http://dl.secunia.com/SPS/AdobeFlashPlayer_11.4.40...

Instances Found:
C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31 bf3856ad364e35_6.2.9200.16384_none_8ebe35bd27b48bb b\Flash.ocx, version: 11.3.372.94 (ActiveX)
C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31 bf3856ad364e35_6.2.9200.16426_none_8f0117bf278213e a\Flash.ocx, version: 11.3.375.10 (ActiveX)
C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31 bf3856ad364e35_6.2.9200.20527_none_8f8bb4d4409ecd0 b\Flash.ocx, version: 11.3.375.10 (ActiveX)
C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx, version: 11.3.375.10 (ActiveX)

Last System Scan (localtime):
31. Oct 2012, 17:30

Operating System:
Microsoft Windows 8, Pro
Was this reply relevant?
+0
-0
E.Jeppesen RE: 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?
Secunia Official 1st Nov, 2012 15:02
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Thank you for reporting this issue.
We have had to make some special adjustments to our detection rules for Adobe Flash Player 11.x. After a rescan the issue should now have been fixed.
dickvisser RE: 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?
Member 1st Nov, 2012 15:03
Score: 2
Posts: 15
User Since: 14th Mar 2012
System Score: N/A
Location: NL
Litterally while reading this PSI in my Windows 8 VM turned green :-)

thnaks!!
Was this reply relevant?
+0
-0
billmowat RE: 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?
Member 1st Nov, 2012 16:08
Score: 0
Posts: 2
User Since: 1st Nov 2012
System Score: N/A
Location: US
Yes. I re-ran the scan this morning with excellent results. Thanks for the fix. -- Bill
Was this reply relevant?
+0
-0
Nergali RE: 11.3.375.10 (ActiveX) impossible to update or remove on Windows 8?
Member 8th Nov, 2012 06:21
Score: 19
Posts: 48
User Since: 23rd Aug 2010
System Score: 100%
Location: US
Last edited on 8th Nov, 2012 06:28
sadly, just after the fix comes PSI no longer seeing the actual flash at all but still flagging the old versions in winsxs
http://i388.photobucket.com/albums/oo325/nergaljaf...

Again, I feel this falls on Microsoft a bit for leaving old versions on the machine
http://i388.photobucket.com/albums/oo325/nergaljaf...
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer