Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: adobe shockwave,reader and jave jdk and jre false positives

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
tabath adobe shockwave,reader and jave jdk and jre false positives
Member 13th Mar, 2013 15:39
Ranking: 0
Posts: 22
User Since: 2nd Aug, 2010
System Score: N/A
Location: N/A
Am having problems similar to others with psi not seeming to see that these programs have been updated.

For instance;

Adobe shockwave - psi states it is an outofdate version 11 of shockwave but browsing to the location shows it is in fact version 12 .

Adobe reader - psi detail show v10.1.4.38 installed, double clicking on this link and I look at the details for that file and it is actually v10.1.6.1 that is installed.

I assume similar things are happening with the java(64 bit) jdk and jre files?

Any hints on what I can do to stop these false positives? - as I can't delete the files psi seems to be seeing as they are not there!

Maurice Joyce RE: adobe shockwave,reader and jave jdk and jre false positives
Handling Contributor 13th Mar, 2013 16:03
Score: 11580
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 13th Mar, 2013 17:12
If you have completed a full PSI rescan & those items are showing as vulnerable they are not false positives. All PSI does is read the meta data of files installed on a PC.

What path is PSI showing to the files?

FINDING A FILE PATH USING PSI

VERSION 2


From the DASHBOARD page click on SCAN RESULTS.

1. This will list all your programmes with a + to the left of each programme.
2. Click the + sign next to the item that U want help with.
3. This will reveal the path under DETECTED INSTANCES.
4. Below DETECTED INSTANCES you will see this You can double click this row for additional information & options>double click it>a box will appear>look to the RIGHT & U will see TROUBLESHOOT REPORT in BLUE writing under the heading TOOLBOX> click TroubleShoot Report & it will reveal some information in a box>highlight the information revealed from ---START--- to ---END--- & copy it (CTRL+C) then post it to the Forum (CTRL+V)

VERSION 3
This version does not have such an easy method to publish the path.

Open PSI>once open select Show Programs.
U will now see a page full of programme icons or a list.
Right click on the programme in error>select Show Details - that will open a box showing the path & version number of the offending file.
U now have 2 options:
1. Write down the exact file path & install version - return to the Forum & type that information.
2. Take a screen shot & publish that.

Last Reviewed 14:58 13/03/2013

Have you fixed the entry here as I note you have not updated the Forum or locked the thread.

https://secunia.com/community/forum/thread/show/13...




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
tabath RE: adobe shockwave,reader and jave jdk and jre false positives
Member 13th Mar, 2013 17:16
Score: 0
Posts: 22
User Since: 2nd Aug 2010
System Score: N/A
Location: N/A
Hi

the Adobe reader details show:

c:\Program Files(x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Installed Version: 10.1.4.38

In fact going to this location the installed version is 10.1.6.1

The Adobe Shockwave:

c:\windows\sysWOW64\Adobe\Shockwave 11\SWInit.exe Installed Version:11.6.6.636

n fact at this location there is no Shockwave 11 folder - only a shckwave 12 folder and version 12 installed there
Was this reply relevant?
+0
-0
Maurice Joyce RE: adobe shockwave,reader and jave jdk and jre false positives
Handling Contributor 13th Mar, 2013 17:45
Score: 11580
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
So PSI has found the items. Now you need to follow the proper trail & delete them.

DELETING A FILE OR FOLDER

VERSION 2


1. Open PSI>Scan results.

2. Against the programme marked as vulnerable is a + sign to the left of it.

3. Click that & it will reveal DETECTED INSTANCES.

4. Below that are two yellow folders. Click the one WITHOUT a red dot.

5. That will open Windows Explorer & U will be able to see the vulnerable file.
c:\Program Files(x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Installed Version: 10.1.4.38

6. Right click on that file & select delete.

7. Carry out a full PSI scan & all should be in order.

VERSION 3

Open PSI>once open select Show Programs.

U will now see a page full of programme icons or a list.

Right click on the icon that represents the programme in error>select Show Details - that will open a box showing the path & version number of the offending file.

Double click on c:\Program Files(x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Installed Version: 10.1.4.38

That will open Windows Explorer & U will see that file. Right click on it & select delete.

Run a full PSI scan & the problem should be resolved.

Last Reviewed 16:37 13/03/2013

There is indeed a version 11 file. The path you give is: c:\windows\sysWOW64\Adobe\Shockwave 11\SWInit.exe Installed Version:11.6.6.636

Carry out exactly the same procedure as above to remove this file.

Unless you are a developer you do not require Oracle JDK (JDK also installs JRE). I assume you have resolved this issue because you have not produced the path PSI gives you.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
tabath RE: adobe shockwave,reader and jave jdk and jre false positives
Member 14th Mar, 2013 12:07
Score: 0
Posts: 22
User Since: 2nd Aug 2010
System Score: N/A
Location: N/A
Thanks for your reply:

With regards to the Java - I still have that problem but I thought i would just try to get the Adobe problem sorted first.

Re: your reply, as I said above the path given by PSI leads to UPTODATE versions of reader and shockwave. The old versions referred to in the PSI details are not there and have been removed by the adobe update programs.

eg:Double click on c:\Program Files(x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Installed Version: 10.1.4.38

The file at this path is in fact 10.1.6.1 not 10.1.4.38 as PSI is stating. Its also the same for shockwave:

there is in fact no such path as this:

c:\windows\sysWOW64\Adobe\Shockwave 11\SWInit.exe

as folder \Shcokwave 11 has been removed by the Adobe update and been replaced by \Shockwave 12

Was this reply relevant?
+0
-0
tabath RE: adobe shockwave,reader and jave jdk and jre false positives
Member 14th Mar, 2013 12:09
Score: 0
Posts: 22
User Since: 2nd Aug 2010
System Score: N/A
Location: N/A
Btw thw MSXML problem I had cleared itself after 3 days so it can be closed - how do I do that?

Also just for other folks info on that Windows update showed no updates to be applied for those 3 days - so the update had to have been applied and PSI just wasn't seeing it for some reason for those 3 days - as I don't have autoupdate enabled.
Was this reply relevant?
+0
-0

NancyJ

RE: adobe shockwave,reader and jave jdk and jre false positives
[+]
This reply has been deleted
Maurice Joyce RE: adobe shockwave,reader and jave jdk and jre false positives
Handling Contributor 14th Mar, 2013 12:43
Score: 11580
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Do I take it that this problem is also resolved?

It is always a good idea to lock a thread once the problem is resolved.

1. One, it indicates to the helper(s) that the problem is solved.

2. Two, it protects your mail box from update emails from possible tag on posts.

To close a thread you click the ACCEPT button on the reply (post) that helped you the most or you can request it is closed in your post & then either a Secunia Official or I will lock it for you.

If you do not lock a thread it will auto lock after 7 days of no activity.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
tabath RE: adobe shockwave,reader and jave jdk and jre false positives
Member 14th Mar, 2013 13:24
Score: 0
Posts: 22
User Since: 2nd Aug 2010
System Score: N/A
Location: N/A
No this problem still exists. The Adobe and Java have all been updated , I have checked the files and they are the correct ones but PSI is still showing old files as being installed
Was this reply relevant?
+0
-0
Maurice Joyce RE: adobe shockwave,reader and jave jdk and jre false positives
Handling Contributor 14th Mar, 2013 14:14
Score: 11580
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I think it means you have not found the files PSI is pointing to in Windows Explorer.

Run another full PSI scan.

If PSI still claims you have rogue (vulnerable) files what path does it give you?


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
tabath RE: adobe shockwave,reader and jave jdk and jre false positives
Member 14th Mar, 2013 15:37
Score: 0
Posts: 22
User Since: 2nd Aug 2010
System Score: N/A
Location: N/A
ok ,just ran another PSI scan - Adobe problems showing as solved now - it seems that PSI takes a few days to clear reports after a program has been updated even though you run full scans. I must have run 6 scans in the last 2 days after having updated these programs.

The Java problem is still there though. I will leave it another day to see if that clears itself before either closing this or returning to ask for help:)
Was this reply relevant?
+0
-0
Maurice Joyce RE: adobe shockwave,reader and jave jdk and jre false positives
Handling Contributor 14th Mar, 2013 15:38
Score: 11580
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 14th Mar, 2013 18:52
Thank you for the update.

EDIT: If it does not clear up in a few days I would do this if you really require Oracle JAVA.

Using Control Panel>add/remove uninstall ALL versions of JRE or JSE or JDK or JVM or JAVA(TM).

Run a full PSI rescan. If that scan gives a clean bill of health reinstall JAVA from here:

http://java.com/en/download/index.jsp

If you are a Developer & require JDK then use this link:

http://www.oracle.com/technetwork/java/javase/down...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability