Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Adobe Flash update confuses PSI

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
mitchhellman Adobe Flash update confuses PSI
Member 12th Feb, 2010 20:48
Ranking: 0
Posts: 7
User Since: 29th Jan, 2010
System Score: N/A
Location: N/A
When I started my PC today, Adobe notified me of the availability of a new version of Flash; this occurred before PSI had even loaded. I Clicked on the Adobe notification and installed the update. Meanwhile PSI started and notified me that my version of Flash was insecure (even though I had just installed what Adobe told me was the latest version). I decided to humor PSI and followed the procedure for downloading and installing what PSI claimed was the update. Aftrer doing so, PSI still said that my version was insecure. I re-scanned, restarted the PSI interface and even re-booted my PC, to no avail; PSI is convinced that I have Flash version 10.0.42.34 (ActiveX) installed even though Adobe says that the version I downloaded from them is 10.0.45.2.

I re-installed Flash from Adobe-- no change in PSI. I have gone so far as the uninstall Flash altogether-- no joy; PSI *STILL* claims that I have 10.0.42.34. I have run Glary Utilities and cleaned up any vestiges of the uninstalled Flash from my PC... and PSI continues to claim that it remains.

Anthony Wells RE: Adobe Flash update confuses PSI
Expert Contributor 12th Feb, 2010 22:43
Score: 2429
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 12th Feb, 2010 22:44
Hello Mitchhellman

As this is your first post , I will give you some basic advice (sorry if you already know) , which may help you explain any problems to us more specifically :-

To help resolve any problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

Posting these details will help the Forum help you , if/when you have a problem .

The Flash ActiveX plug-in is used by PSI and if it was running (or still loaded in the tray) the old version cannot be removed and will still be in the Macromed Flash folder and PSI will report this .

This thread deals with the problem in detail and tells you how to fix it :-

http://secunia.com/community/forum/thread/show/313...

Hope this helps
Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mitchhellman RE: Adobe Flash update confuses PSI
Member 12th Feb, 2010 23:30
Score: 0
Posts: 7
User Since: 29th Jan 2010
System Score: N/A
Location: N/A
Anthony:

Thanks for your reply. I actually resolved the issue shortly before you posted; I noticed the presence of the Macromed folder and blew it away (having already uninstalled Flash). Since at this point I decided to uninstall PSI as well, I then ran OSI to see if the insecure warning was still there, and it was gone. I then installed the latest version of Flash, ran OSI without incident, then reinstalled PSI.

What disturbs me about this:

1. Secunia's continued dependency on Flash;

2. That Secunia, being aware of this and other associated issues related to Flash, hasn't seen fit to either:

1.a.) develop a macro that removes lingering files that confuse PSI into believing that there is an insecure version of Flash still installed even when Flash is no longer operable; or

1.b.) use some other file as the indicator that Flash is still there; or

1.c.) include detailed removal instructions as part of the alert message, if 1.a. or 1.b. are not feasible.

But hey, what do I know-- I'm only a user. :)
Was this reply relevant?
+0
-0
Anthony Wells RE: Adobe Flash update confuses PSI
Expert Contributor 12th Feb, 2010 23:54
Score: 2429
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 12th Feb, 2010 23:58
Yup , Mitchhellman , don't you get carried away with the idea of user power :))

Actually PSI reports all vulnerable files (it's job) and an old .ocx file is "potentially vulnerable/insecure" depending ... So they report and you have to do the deciding , it's a good system ; no point in ignoring it by changing the rules and not reporting , too subjective (it has been tried).

The specific problem is that if an ActiveX Flash using programme (like PSI and a lot of Messenger programmes) is in use all the .ocx files are locked , are they all in use and if not which one(s) are used and so what is the danger ??? Not Secunia's problem in itself , it's between Adobe and Windows . The Adobe Flash "uninstaller" site tells you what to do , without mentioning PSI specifically !!

If it was easy , where would we be then :))

Take care
Anthony

PS: my update went correctly but PSI needed to rescan each file a couple of times to update itself - that happens .







--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
dontknowsquat RE: Adobe Flash update confuses PSI
Member 13th Feb, 2010 22:23
Score: 0
Posts: 12
User Since: 7th Feb 2010
System Score: 99%
Location: US
Last edited on 13th Feb, 2010 22:26
I, too, have a problem with Adobe Flash.

Before reading the posts, I attempted to use the PSI recommended fix to no avail. I then logged off and rebooted and tried again with the same results (Adobe Flash Active X is insecure). Then I uninstalled and reinstalled the offending program and rescanned with the same results (after logging off and rebooting again).

As in another post on this thread, PSI indicates I have v.10.0.42.34; whereas Adobe indicates I have v.10.0.45.2. When I opened the folder, I found Flash 10d.ocx and Flash 10e.ocx, among other entries.

As a computer newbie, I am trying to use logic instead computer knowledge to understand this. Please tell me if the following logic is flawed:
1) From earlier posts in this thread there seems to be a conflict because PSI is using a program while trying to scan it at the same time.
2) PSI is receiving information from Adobe that is dated differently from real time, flagging this program as a security risk.
3) This brings me to the two folder files mentioned above. Is Flash 10e.ocx an update of Flash 10d.ocx? If so, are they incompatible, requiring Flash 10d.ocx to be deleted to function properly ---- or does 'd' piggyback on 'e' making a complete program?

Now for the important question, do I leave things as they are, place this program in the ignore category, or uninstall it?

Thank you for your patience with me.
That is why I am
dontknowsquat


THE ONLY STUPID QUESTION IS THE ONE YOU DON'T ASK, THEREBY ALLOWING YOURSELF TO REMAIN IGNORANT.
dontknowsquat

Was this reply relevant?
+0
-0
ky331 RE: Adobe Flash update confuses PSI
Member 14th Feb, 2010 00:49
Score: -1
Posts: 10
User Since: 4th Apr 2008
System Score: N/A
Location: US
Last edited on 17th Feb, 2010 15:47
there are several points that have to be made here... please bear with me:

1) there are two "components" to flash. An ActiveX version, which is used by Internet Explorer;
as well as a PlugIn version, which is used by FireFox, Opera, Safari, and perhaps some other browsers.

If you have multiple versions of Flash on your system, you need to replace each one... if you replace only one of the two, only the one you updated will be secure, but not the other one.

So if you use IE, you'll have to open IE and go to
http://get.adobe.com/flashplayer/
and if you use FireFox and/or Opera, you'll have to do the same in (either) one of these as well.

Alternatively, you can go to
http://get.adobe.com/flashplayer/otherversions/
to explicitly select your operating system and then the browser-type.

The activeX version is an .OCX file, for example, Flash10e.ocx;
the plugIn version is the file NPSWF32.dll

2) The flash files are typically located in
C:\WINDOWS\system32\Macromed\flash
(at least, on a WIN XP system)

As for the ActiveX version (for IE):
flash10d.ocx was the previous version of flash, 10.0.42.34
flash10e.ocx is (as of this writing) the latest version of flash, 10.0.45.2
You want to have only the latest one of these.

3) It is often "difficult" to remove an older flash...ocx file. Adobe has created a flash UNinstaller, which should be downloaded and run BEFORE you install the newest flash. for information and the UNinstaller, see
http://kb2.adobe.com/cps/141/tn_14157.html

Note: After downloading the UNinstaller, you should first CLOSE ALL BROWERS and EXIT the Secunia PSI, and then run the UNinstaller (while the browsers are closed and PSI is not running).

3) As noted, the proper directory for the Flash files is
C:\WINDOWS\system32\Macromed\flash
OPERA users may also find a copy of NPSWF32.dll in
C:\Program Files\Opera\program\plugins

Sometimes, Secunia may locate old versions of flash in OTHER directories, in particular, c:\i386
or in a subdirectory under a particular program area.
c:\i386 is comparable to a backup copy of your originally-installed system. (I don't know if that's 100% accurate, but it should suffice for now). c:\i386 files don't get changed. So if Secunia is picking on any files located there, you should just ignore them. Ditto if you find an old copy of flash under, for example, your Hewlett Packard printer files.
Was this reply relevant?
+0
-0
dontknowsquat RE: Adobe Flash update confuses PSI
Member 14th Feb, 2010 02:21
Score: 0
Posts: 12
User Since: 7th Feb 2010
System Score: 99%
Location: US
Thanks ky331,

That's a lot of information. Give me some time to digest it and follow the instructions, and I'll give feedback. I have some non-computer things demanding my time right now.

dontknowsquat
Was this reply relevant?
+0
-0
DougMacp RE: Adobe Flash update confuses PSI
Member 14th Feb, 2010 12:10
Score: 0
Posts: 5
User Since: 18th Feb 2009
System Score: N/A
Location: UK
Test only
Was this reply relevant?
+0
-0
rolf.ophuus RE: Adobe Flash update confuses PSI
Member 14th Feb, 2010 20:45
Score: 0
Posts: 4
User Since: 2nd Mar 2009
System Score: N/A
Location: ES
This was great stuff.
For me, the place to go was as said: C:\WINDOWS\System 32\Micromed\Flash
There were no less than 4 .ocx files (b - c - d - and e).
I deleted b, c, and d to the bin without any problem.
PSI responded within seconds: Patched - no security risk.
Version now detected: 10.0.45.2
Thanks a lot.
Was this reply relevant?
+0
-0
dontknowsquat RE: Adobe Flash update confuses PSI
Member 14th Feb, 2010 21:18
Score: 0
Posts: 12
User Since: 7th Feb 2010
System Score: 99%
Location: US
ky331,

Adobe Flash uninstall old version/ install updated version was successful; however, I have no plug-ins at present. Am I correct in thinking that I will be prompted to install plug-ins as needed?

I am unsure if the following should be posted elsewhere, but here goes --->
In the interim since the last post, Adobe Reader 9.2 updated to Adobe Reader 9.3, leaving v9.2 on the computer. Is there an uninstall/ reinstall procedure needed for this also. (A scan showed me to be 100% secure.) If further attention is needed, Please provide me with instructions and links.

Thanks,

don'tknowsquat
Was this reply relevant?
+0
-0
ky331 RE: Adobe Flash update confuses PSI
Member 15th Feb, 2010 00:43
Score: -1
Posts: 10
User Since: 4th Apr 2008
System Score: N/A
Location: US
the plug-in version of flash (NPSWF32.dll) is only needed if you use FireFox, Opera, Safari, or perhaps some other "alternative" browser... and if you try to view a flash-based page in one of these, you should be prompted that you need to download/install it.
In other words, if you use Internet Explorer as your only browser, you won't need the plug-in version... rather, you'll need the ActiveX version (Flash10e.ocx).

as for adobe reader 9.x, assuming you installed it in its DEFAULT location
c:\Program Files\Adobe\Reader9.0
you should have only one version on your system: 9.3 should have over-written 9.2
(I guess it's possible that if you specified an alternative location, you might be able to have both).
On what basis ("evidence") are you asserting that you still have 9.2 installed after installing 9.3??



Was this reply relevant?
+0
-0
dontknowsquat RE: Adobe Flash update confuses PSI
Member 15th Feb, 2010 03:32
Score: 0
Posts: 12
User Since: 7th Feb 2010
System Score: 99%
Location: US
Thanks ky331,

first issue:
Currently IE8 is my only browser, but I am considering switching to firefox. I am not finding Flash 10e.ocx anywhere; so I will wait until prompted to install it.

second issue:
I manually installed Adobe Reader 9.3. The evidence that both are on the computer is two icons on the desk top. Both open independently, one for each v9.2 andv9.3.

By the way --> I am experiencing some problems with log in to this forum. Should I start a new thread to resolve this issue?

Thanks again,
dontknowsquat
Was this reply relevant?
+0
-0
ky331 RE: Adobe Flash update confuses PSI
Member 15th Feb, 2010 13:45
Score: -1
Posts: 10
User Since: 4th Apr 2008
System Score: N/A
Location: US
"I am not finding Flash 10e.ocx anywhere".

If you're using IE, and have installed the most recent version of Flash, then you SHOULD have Flash10e.ocx (no spaces) located on your computer, presumably under C:\windows\system32\Macromed\Flash

Regardless of whether or not you can find it, here's a simple test to see if you have flash installed... Open your browser (IE in your case) and go to

http://www.adobe.com/software/flash/about/

this page, besides using flash to display an animation (currently for the movie Avatar), will also indicate your flash version information: it should indicate
"You have version 10,0,45,2 installed". If so, there's no need to worry about the ActiveX or PlugIn details.

As for Adobe Reader, my best guess/explanation is that you chose to install 9.3 somewhere other than the default location... leaving both versions on your PC. My suggestion is to look [in Control Panel] under Add/Remove programs, to see if you have both 9.2 and 9.3 listed there... if so, you should be able to remove 9.2 (while leaving 9.3 intact).
Was this reply relevant?
+0
-0
This user no longer exists RE: Adobe Flash update confuses PSI
Member 15th Feb, 2010 14:16
Go to My Profile then in Edit my profile then in Community Profile select Timezone for the city nearest you and and Country you are in.

Also in Signature include the information about your system that you want appended to every thread or post you create.

This information helps the helpers provide apropriate tips.
Was this reply relevant?
+0
-0
dontknowsquat RE: Adobe Flash update confuses PSI
Member 15th Feb, 2010 19:43
Score: 0
Posts: 12
User Since: 7th Feb 2010
System Score: 99%
Location: US
ky331 and YoKenny,

The link you included does show that I have v...45... installed. As for Reader 9.2/9.3, CONTROL PANEL verifies that I have both versions. I do not remember specifying a location for the download, but that is really not important at this time. I am going to use Ccleaner to remove v9.2. I find that Ccleaner removes some of the remnants that Control Panel leaves behind on some program removals.

I have entered time zone and country in my profile. I'll add system information after I collect and edit it to a form appropriate for the signature.

Thanks to both of you for your help.

dontknowsquat

Was this reply relevant?
+0
-0
ericgphillips RE: Adobe Flash update confuses PSI
Member 16th Feb, 2010 18:18
Score: 0
Posts: 2
User Since: 15th Feb 2010
System Score: N/A
Location: N/A
on 12th Feb, 2010 20:48, mitchhellman wrote:
When I started my PC today, Adobe notified me of the availability of a new version of Flash; this occurred before PSI had even loaded. I Clicked on the Adobe notification and installed the update. Meanwhile PSI started and notified me that my version of Flash was insecure (even though I had just installed what Adobe told me was the latest version). I decided to humor PSI and followed the procedure for downloading and installing what PSI claimed was the update. Aftrer doing so, PSI still said that my version was insecure. I re-scanned, restarted the PSI interface and even re-booted my PC, to no avail; PSI is convinced that I have Flash version 10.0.42.34 (ActiveX) installed even though Adobe says that the version I downloaded from them is 10.0.45.2.

I re-installed Flash from Adobe-- no change in PSI. I have gone so far as the uninstall Flash altogether-- no joy; PSI *STILL* claims that I have 10.0.42.34. I have run Glary Utilities and cleaned up any vestiges of the uninstalled Flash from my PC... and PSI continues to claim that it remains.

Was this reply relevant?
+0
-0
dontknowsquat RE: Adobe Flash update confuses PSI
Member 16th Feb, 2010 19:18
Score: 0
Posts: 12
User Since: 7th Feb 2010
System Score: 99%
Location: US
Go to the post by ky331 dated feb 14 for full information. I had the same problem. It is caused by the old version not being removed while updating to the new version. Following ky331's instructions solved the problem for me. I found it helpful to print the post to have the instructions next to me while performing the fix.(instead fo trying to toggle between windows)

It is a multistep process, so be patient. Rescan after completion of the uninstall/install procedure. The scan should show that you were successful.

Post your results in this thread. If there are further problems, I'm sure that someone with the proper knowledge will repy with a solution.

dontknowsquat
Was this reply relevant?
+0
-0
knudknud3 RE: Adobe Flash update confuses PSI
Member 16th Feb, 2010 22:39
Score: 0
Posts: 6
User Since: 4th May 2008
System Score: 94%
Location: DK
Last edited on 17th Feb, 2010 16:00
Hi everybody.

I have made my own recipe for next time.

Everything works fine.
Was this reply relevant?
+0
-0
This user no longer exists RE: Adobe Flash update confuses PSI
Member 17th Feb, 2010 15:22
I have a similar problem and what I am wondering is whether anyone from Secunia ever reads this forum. If they do, why don't they patch this 'buggy' Secunia?
Was this reply relevant?
+0
-0
knudknud3 RE: Adobe Flash update confuses PSI
Member 17th Feb, 2010 17:12
Score: 0
Posts: 6
User Since: 4th May 2008
System Score: 94%
Location: DK
Last edited on 17th Feb, 2010 17:13
Hi jitterbug.
After you hit the FORUM button in your Secunia - please read below [Visit and join The Community Forum].
Have you solved your problem.
If not - hit the folder sign - delete d.ocx PERMANENT - scan again - done.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability