navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: adobe shockwave v12 update did not remove old version

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Shockwave Player 12.x

This thread has been marked as locked.
taffy078 adobe shockwave v12 update did not remove old version
Contributor 5th May, 2013 08:09
Ranking: 408
Posts: 1,352
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
I've not used my laptop (Win7 IE9) for three weeks.

When I powered up today, there were three EoL programs showing, including Adobe Shockwave v10.

I can only think that when I updated it to v12 in April, it didn't uninstall v 10.

This was always a problem with Adobe in the bad old days (a.k.a. Maurice Joyce's "chocolate teapot").

Anyone else had this?

PS will contact you soon, Mogs

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

mogs RE: adobe shockwave v12 update did not remove old version
Expert Contributor 5th May, 2013 08:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hi taffy ! Good to see you back on the forum....look forward to mail later.
That's a misprint, isn't it....F/P 12 ?
From what I can see of it ....even tho' Flash Player 10 may be showing as End of Life....you might be better holding on to it for the time being...until F/P 11 gets it's Highly Critical vulnerability patched.

F/P 10 is showing okay here :-http://secunia.com/advisories/product/20166/
F/P 11 Vulnerable here :-http://secunia.com/advisories/product/38260/

I've got Flash Player in Chrome disabled ; which means Chrome Dev gets tho' Qualys Browsercheck !!

Regards..............mogs


--
Was this reply relevant?
+0
-0
mogs RE: adobe shockwave v12 update did not remove old version
Expert Contributor 5th May, 2013 09:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Sorry....my mistake taffy.....caused by my Shockwave Flash in Chrome showing as also Flash Player 11 !! Confusion !!
Just had another look thro' the Advisories and noted...http://secunia.com/advisories/product/44140/

corresponding to what you'd referred to !....My apologies....hope I havn't caused you any grief !!

--
Was this reply relevant?
+0
-0
Maurice Joyce RE: adobe shockwave v12 update did not remove old version
Handling Contributor 5th May, 2013 10:41
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
The comments in the Excel spreadsheet I sent you regarding the successful updating of any Adobe products are extant & covers the point you are making.





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Anthony Wells RE: adobe shockwave v12 update did not remove old version
Expert Contributor 5th May, 2013 16:17
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 5th May, 2013 16:38
Hi ,

I don't have Maurice's spreadsheet but if memory serves , Shockwave 10.x used to reappear frequently when it was needed/loaded by certain (old) games .

If correctly patched there a no extant vulnerabilities in 10.x , as showing here :-

http://secunia.com/advisories/product/4909/?task=a...

and includes

http://secunia.com/advisories/36049/

The list indicates the need to update to 11.x ***, even so , there was always argument as to whether 10.x was actually vulnerable in the games situation , as per this discussion (amongst very many others) :-

http://secunia.com/community/forum/thread/show/116...

***EDIT : : just to avoid confusion , the latest (secure) version of Shockwave is 12.0.2.122

Take care

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs RE: adobe shockwave v12 update did not remove old version
Expert Contributor 5th May, 2013 21:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 5th May, 2013 21:36
Just to clear up any possible confusion created by my earlier post/statement....
I've got Flash Player in Chrome disabled ; which means Chrome Dev gets tho' Qualys Browsercheck !!

I've since run Chrome Dev thro' Qualys Browsercheck with Flash enabled, and got a ........

Browser Check Complete
Congratulations! You passed Qualys BrowserCheck.
We recommend you scan your browser regularly to stay up to date with the latest versions and plugins.

Qualys® BrowserCheck Results
Adobe Flash
11.7.700.194
Show / Hide Details
Up To Date
https://browsercheck.qualys.com/?scan_type=js


--
Was this reply relevant?
+0
-0
Anthony Wells RE: adobe shockwave v12 update did not remove old version
Expert Contributor 5th May, 2013 23:58
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi Mogs ,

My Chrome Dev channel passes Qualy's as up to date but for Adobe Flash it only refers to the Chrome Pepper Flash installation and ignores the (second) NPAPI installation (for my Firefox) , The versions are not the same .

Chrome plugins in "Settings" shows this for Adobe Flash Player :-

Adobe Flash Player (2 files) - Version: 11.7.700.194
Shockwave Flash 11.7 r700
Name: Shockwave Flash
Description: Shockwave Flash 11.7 r700
Version: 11.7.700.194
Location: C:\Program Files\Google\Chrome\Application\28.0.1496.0\Pepper Flash\pepflashplayer.dll
Type: PPAPI (out-of-process)
Disable
MIME types:
MIME type Description File extensions
application/x-shockwave-flash Shockwave Flash
.swf
application/futuresplash FutureSplash Player
.spl
Name: Shockwave Flash
Description: Shockwave Flash 11.7 r700
Version: 11,7,700,169
Location: C:\WINDOWS\system32\Macromed\Flash\NPSWF 32_11_7_700_169.dll
Type: NPAPI
Disable
MIME types:
MIME type Description File extensions
application/x-shockwave-flash Adobe Flash movie
.swf
application/futuresplash FutureSplash movie
.spl

Qualy's also detects Adobe Shockwave Player and my version 12.0.2.122 is shown as up todate . Settings/plugins in my Chrome displays :-

Adobe Shockwave Player - Version: 12.0.2r122
Adobe Shockwave for Director Netscape plug-in, version 12.0.2.122
Name: Shockwave for Director
Description: Adobe Shockwave for Director Netscape plug-in, version 12.0.2.122
Version: 12.0.2r122
Location: C:\WINDOWS\system32\Adobe\Director\np32d sw_1202122.dll
Type: NPAPI
Disable
MIME types:
MIME type Description File extensions
application/x-director Shockwave Movie
.dir .dxr .dcr

The use of the name/word "Shockwave" dates back to when it was part of Macromedia .

Hope that helps .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs RE: adobe shockwave v12 update did not remove old version
Expert Contributor 6th May, 2013 00:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Thanks Anthony...yeah, it does help.....I've tended to lose sight of things Adobe since simply relying on the integral plug-in within Chrome.
My only instance in Dev agrees with the first of yours :-

Adobe Flash Player - Version: 11.7.700.194
Shockwave Flash 11.7 r700
Name: Shockwave Flash
Description: Shockwave Flash 11.7 r700
Version: 11.7.700.194
Location: C:\Program Files\Google\Chrome\Application\28.0.1496.0\Pepper Flash\pepflashplayer.dll
Type: PPAPI (out-of-process)
Disable
MIME types:
MIME type Description File extensions
application/x-shockwave-flash Shockwave Flash
.swf
application/futuresplash FutureSplash Player
.spl

Even so....Qualys was flagging it a day or so ago..

--
Was this reply relevant?
+0
-0
Anthony Wells RE: adobe shockwave v12 update did not remove old version
Expert Contributor 7th May, 2013 15:27
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi Mogs ,

You are using an Alpha software -not to mention nightlies - and all that entails . For example , re Flash , in the past months the Dev channel :-

1) did not update to a secure version from an insecure version for (quite) a few days , and

2) for the past few weeks has been running version numbers between the Firefox Stable .169 (NPAPI) and the Chrome Stable .179 (PPAPI) and has only gone to .194 in the last few days .

Non sequential numbers are common when fixing stability problems in the Dev channel ; I doubt if Qualys' or anyone else would know if there was a security risk with the .17x versions , it was telling you that your version was a lesser number than the stable/secure .179 . Is .194 secure ?? No idea .

If you have NPAPI loaded as well as PPAPI you can always disable/alternate if you see an insecure or unknown version installed .

As a non developer and despite Chrome's own sandboxing , I always browse in another sandbox , in my case "Sandboxie . Ditto for Ff .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs RE: adobe shockwave v12 update did not remove old version
Expert Contributor 7th May, 2013 18:31
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Thanks Anthony....very useful.......and timely ! I've been running without Canary for about the last two weeks or so. Of course it was also handy as a comparison against the Dev....in fact I used it more than the Dev Channel ! I'd just recently been thinking of installing it again....which I think I'll do after this post......I just keep wondering where it is at now....29 perhaps ?
I take your point with regard to Adobe F. 11......the fact that Qualys flagged 11.7.700.194....and then later okayed it, suggests they'd taken a closer look......but I think I'll keep it disabled.

Thanks again.......regards.........mogs


--
Was this reply relevant?
+0
-0
rd52 RE: adobe shockwave v12 update did not remove old version
Member 7th May, 2013 20:17
Score: 11
Posts: 46
User Since: 4th Dec 2008
System Score: N/A
Location: US
Last edited on 8th May, 2013 04:18
I have had this problem for years. I have the newest Shockwave Player but one site that I play games on (since '98) downloads Shockwave Player 10 for compatability issues. So I have two SW players on my system. If you right click on it and then click on it again in Secunia, it shows the offending part of SW 10. In my case it was SW Int.exe which I deleted and Secunia no longer flags it as a risk. Over time and trial and error I have found that I can delete about half of the SW 10 files, and it still works on this site that I visit. If I don't do the deleting, as soon as I visit this site it would re-download SW 10.

Here are all the parts I delete from SW 10: SW Int.exe, SW Once dll, Symccis.dll, Showkwave Projector, SW Logo, Proj.dll, plug in ping.dll, gl.dll, gcapi.dll.dll, macromed/director.

Hope this helps.I posted this on the Adobe forums and there was no other ways of avoiding this, other than not going to the offending site.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+