navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: False positive identification of old Flash player?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 11.x

This thread has been marked as locked.
MorrisPeckham False positive identification of old Flash player?
Member 12th Sep, 2013 11:32
Ranking: 0
Posts: 10
User Since: 5th May, 2010
System Score: N/A
Location: UK
PSI showed that the ActiveX version of Flash Player was out of date, so I ran the update manually (auto-updates are disabled for this program). Even after a reboot and rescan, PSI says the old version is there. The file name that PSI gives is definitely not there - if I run a command prompt as Administrator, dir says "File Not Found". I *do* see Flash32_11_8_800_168.ocx which is the version I just installed.

Here's the "troubleshoot report":

---START---

Program Name:
Adobe Flash Player 11.x (ActiveX)

Security State:
Insecure

Download Link:
http://dl.secunia.com/SPS/AdobeFlashPlayer_11.8.80...

Instances Found:
C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_80 0_94.ocx, version: 11.8.800.94 (ActiveX)

Last System Scan (localtime):
12. Sep 2013, 10:15

Operating System:
Microsoft Windows 7, Microsoft Windows 7

---END---

mogs RE: False positive identification of old Flash player?
Expert Contributor 12th Sep, 2013 12:32
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@MorrisPeckham

See Maurice's post....scroll down to the second....for deleting old Flash Player file :-
http://secunia.com/community/forum/thread/show/143...

Insert the vulnerable file of your's :-
Instances Found:
C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8 _80 0_94.ocx, version: 11.8.800.94 (ActiveX)
and follow the instructions.

Hope it helps.....regards....

--
Was this reply relevant?
+0
-0
MorrisPeckham RE: False positive identification of old Flash player?
Member 12th Sep, 2013 18:31
Score: 0
Posts: 10
User Since: 5th May 2010
System Score: N/A
Location: UK
@mogs

Thanks, but when I follow those instructions, the file is not there. PSI tells me that it is there - Windows insists that it is not. So it seems to be a false positive from PSI.
Was this reply relevant?
+0
-0
mogs RE: False positive identification of old Flash player?
Expert Contributor 12th Sep, 2013 19:48
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@MorrisPeckham

So, psi has detected a file/path as you publish in your initial post...but Windows Explorer finds nothing to delete ?! I think it's the first I've read of such a phenomenon !!
It's beyond my limited capabilities. I can only hope that Maurice is reading this....who is much more familiar.....he'll no doubt be able to offer a better explanation/suggestion.

Sorry I was not able to be of more assistance....regards....mogs....

--
Was this reply relevant?
+0
-0
Anthony Wells RE: False positive identification of old Flash player?
Expert Contributor 13th Sep, 2013 22:34
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 13th Sep, 2013 22:39
HI ,

I frequently have the old/just replaced Flash file (in my case NPAPI) showing in the PSI version 2.0.0.3003 scan results as a "zombie" file alongside the up to date version ; it usually goes away by itself (with a tray pop-up notice) or is fixed with a reboot and full rescan . How many version detections do you have in the "scan results" ??

If the reboot/rescan does/has not work(ed) then , as Mogs' says , you will need some help from Maurice Joyce .

In th past there were problems of detecting the Sys WOW 64 bit .ocx files but I thought that problem had been solved .

EDIT:Can you see the file if you click on the yellowish folder icon at the lhs of "detected instances - the one without the red blob will/should open the folder containing the file ??

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Maurice Joyce RE: False positive identification of old Flash player?
Handling Contributor 16th Sep, 2013 10:47
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 16th Sep, 2013 10:48
If you have not solved this problem it can now be easily achieved by updating to the latest version of Flash which is 11.8.800.174.

I recommend this method.

UPDATING THE STANDALONE ADOBE FLASH PLAYER

1. Download & SAVE this to desktop.

http://get.adobe.com/flashplayer/

Untick (uncheck) any additional offerings bundled with the download if they are not required

2. The installer will appear on the desk top. THE IMPORTANT BIT - Before agreeing to install Flash check these programmes are completely shut down (use the Task Manager if necessary (CTRL+SHIFT+ESC) to COMPLETELY EXIT these processes if running)):
a. All Browsers.
b. Windows Messenger.
c. Incredimail.
d. All Adobe Products.
e. PSI - Unless using version 2 or version 3
f. Microsoft Skype & Plus! For Skype
g. Microsoft Money

3. The new install will then remove all old files during the update process.

4. Complete a full PSI rescan & all should be in order.


Optional - Go to Start>Control Panel>click the Flash Player (32 Bit) icon>check the settings are to your requirements.

Last Reviewed 09:44 16/09/2013 BST







--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
LeendertKip False positive identification of old Flash player?
Member 16th Sep, 2013 11:01
Score: 4
Posts: 46
User Since: 13th Feb 2010
System Score: N/A
Location: NL
Hi Maurice, I believe you on your word but see a difference in version. I installed .168 on 12/9. You say last version is .174 and the link leads to .168. What's happening?
Was this reply relevant?
+0
-0
Maurice Joyce RE: False positive identification of old Flash player?
Handling Contributor 16th Sep, 2013 11:12
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 16th Sep, 2013 11:34
??? My link leads to here:

https://1ncuig.bn1.livefilestore.com/y2pViatWrFdk9...

EDIT:

Secunia also picks it up correctly as can be seen here:

https://1ncuig.bn1.livefilestore.com/y2pY-24ve6V_1...


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
LeendertKip False positive identification of old Flash player?
Member 16th Sep, 2013 11:46
Score: 4
Posts: 46
User Since: 13th Feb 2010
System Score: N/A
Location: NL
Hi Maurice, very strange! I tried the link several times using Firefox and always get .168. Using IE I get nothing but a hanging connection and a blanc screen. Now got to the Adobe site and see .174. The link is: http://get.adobe.com/nl/flashplayer I don't worry anymore.
Was this reply relevant?
+0
-0
Anthony Wells RE: False positive identification of old Flash player?
Expert Contributor 16th Sep, 2013 11:55
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

If you scroll down this linked website page you will see that there a "several" "secure!!" versions for Flash currently available depending on your OS/browser :-

http://helpx.adobe.com/en/flash-player/release-not...

Hope that helps .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Maurice Joyce RE: False positive identification of old Flash player?
Handling Contributor 16th Sep, 2013 12:07
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Anthony,
Nice to hear from you - agreed - the update from 168 to 174 was a bug fix for IE therefore PSI will show both versions as secure.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
MorrisPeckham RE: False positive identification of old Flash player?
Member 16th Sep, 2013 12:11
Score: 0
Posts: 10
User Since: 5th May 2010
System Score: N/A
Location: UK
Thanks everyone for your suggestions.

The actual solution was to leave it over the weekend and scan again on Monday. Then PSI noticed that the old version was not there, and that the installed version was up to date.

Ho hum.
Was this reply relevant?
+0
-0
Maurice Joyce RE: False positive identification of old Flash player?
Handling Contributor 16th Sep, 2013 12:31
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Pleased to see you are all fixed up.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+