Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Flash 10.1 installed but "Secure Browsing still red"

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as resolved.
tramnitz Flash 10.1 installed but "Secure Browsing still red"
Member 6th Jun, 2010 01:09
Ranking: 0
Posts: 3
User Since: 13th Apr, 2009
System Score: N/A
Location: N/A
I have the 10.1 RC installed (10.1.53.64) which is also properly reported in the uptodate-program section (for FF and IE!), but secure browsing still shows both in red with the associated vulnerability that only affects < 10.1.
The same goes for Adobe Reader, I deleted the authplay.dll as suggested but Secure browsing still complains abou the Reader plugin...

Post "RE: Flash 10.1 installed but "Secure Browsing still red"" has been selected as an answer.
mogs RE: Flash 10.1 installed but "Secure Browsing still red"
Expert Contributor 6th Jun, 2010 01:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 6th Jun, 2010 01:16
Hello.

Have you rebooted and scanned since having made the changes ?

PS....Tho' you delete...psi will still detect items if in the Recycle bin.

--
Was this reply relevant?
+0
-1
tramnitz RE: Flash 10.1 installed but "Secure Browsing still red"
Member 6th Jun, 2010 01:22
Score: 0
Posts: 3
User Since: 13th Apr 2009
System Score: N/A
Location: N/A
This might be my first post here, but I'm not a fool.
Yes, I rebooted and rescanned, and like I said the "updated program" section of PSI picked up the correct version already. It's the just the browser plugins in the "secure browsing" section that still show a vulnerability.

And just to make myself clear, this was no call for help "how do I properly update Flash" but just a quick bug report of the inacurate "secure browsing" display
Was this reply relevant?
+0
-0
thedillpickl RE: Flash 10.1 installed but "Secure Browsing still red"
Contributor 6th Jun, 2010 03:06
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Last edited on 6th Jun, 2010 03:10
Hi tramnitz;

Same thing here. If you look at SA (Secunia Advisory) 40026 http://secunia.com/advisories/40026/ it states "The vulnerability is reported in version 10.0.45.2 and prior 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris.". Also says, "Reportedly, the latest version 10.1 Release Candidate is not affected.".

What the SA doesn't tell you is there is no RC for the ActiveX version, just the NPAPI. Oddly enough, my Firefox & Chrome are still 'red' even though I have the RC Flash installed properly. This will quite possibly be taken care of first thing Monday. Secunia does not usually 'read' release candidates or betas, so this is strange. IE8 should be 'red' because there is no update available for the ActiveX yet.

In the SA the following is provided to help you, help them:

"Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com "

Hope that all or part is helpful.


Regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+1
-1
Maurice Joyce RE: Flash 10.1 installed but "Secure Browsing still red"
Handling Contributor 6th Jun, 2010 09:00
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
UPDATING ADOBE FLASH
====================
Works with Windows XP,Vista & Windows 7 - 32 & 64 Bit systems.

To successfully install Adobe Flash go here:
http://www.filehippo.com/download_flashplayer_ie/

& then here if U have any Gecko based browsers.

http://www.filehippo.com/download_flashplayer_fire...


The latest RC version is:10.1.63.64 RC7 - This version is very stable & monitored by Secunia

1. Select the Flash version U require & download it.
2. The installer will appear on the desk top. Before agreeing to install close:
a. All Browsers.
b. PSI
c. Windows Messenger.
3. The new install will then remove all old files during the update process.
4. Complete a PSI rescan.

POSSIBLE PROBLEMS.
++++++++++++++++++

If U failed to complete 2. above U may well find PSI still shows a vulnerability on the rescan.

SOLUTION 1

1. Double check your browser(s),PSI & Messenger are closed.
2. Navigate to:
32 Bit Systems - C:\Windows\system32\Macromedia\Flash
64 Bit Systems - C:\Windows\sysWOW64\Macromedia\Flash

In these locations U may well find these entries:
FLASH10D.OCX - Right click & delete it.
FLASH10E.OCX - Right click & delete it.

If U are using the RC version U will see 10H & not 10E.

SOLUTION 2

1. Check the path to the vulnerability.

If PSI finds any elements of Flash in the C:\i386 folder or on any drive other than C that is an OEM reinstallation partition (normally D drive) or a drive U use solely to backup your work U can safely create an ignore rule. It may also be in the Recycle Bin.

OPTIONAL EXTRA'S
++++++++++++++++

Security.
Adobe also have a very bad habit of changing your Flash settings each time they plug vulnerabilities. To change the security settings to your liking & regain control of your PC click here:

http://www.macromedia.com/support/documentation/en...

Click each tab U see & change the settings to your security requirements.

Bloat ware.
If you used the Adobe site, rather than FileHippo to update you will also find they try or have installed an unnecessary Download Manager.

It is bloat ware by a third party Company called NOS. If found I would uninstall it via Add/Remove.

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.

Revision 7.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-1
tramnitz RE: Flash 10.1 installed but "Secure Browsing still red"
Member 6th Jun, 2010 10:58
Score: 0
Posts: 3
User Since: 13th Apr 2009
System Score: N/A
Location: N/A
Last edited on 6th Jun, 2010 11:06
I have updated both the ActiveX contral and the NPAPI.
"Updated programs" shows all 4 (I'm on x64) instances of Flash as 10.1.53.64
***THIS IS NOT THE PROBLEM, FLASH 10.1 RC7 IS PROPERLY INSTALLED AND SHOWS UP AS SUCH***
It's only "secure browsing" referencing a vulnerability that has been fixed by 10.1.53.64 but it is still reporting it!

Please read the post properly before replying!
Was this reply relevant?
+0
-0
Anthony Wells RE: Flash 10.1 installed but "Secure Browsing still red"
Expert Contributor 6th Jun, 2010 11:58
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@tramnitz

I have the same situation as you - except i have renamed the Adobe Reader "authplay.dll" by adding "_old" .

If you read the Flash SA40026 and the Reader SA40034 , you will see that the update to 10.1.x and changes to the .dll are called "workarounds" and not "solutions" .

Consequetly , PSI will show your Flash ActiveX and NPAPI in the "patched" tab because they are the "latest" ; but as tey are only "probably" secure and not being a "solution" as in "patch" , they will show up as they do in the "secure browsing" tab . The same applies to reader as PSI does not recognise/cannot read the "workaround" .

I have been using the embedded Flash 10.1.x in Chrome for sometime with good results.

I have also taken the opportunity to update to the latest version of Silverlight as v4.0.50401.0

Everything running well as I type - not easy with crossed fingers :)))

Hope this is clear , if not ask again .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability