Secunia CSI 5.0
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
All Threads
PSI
PSI API
CSI
OSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Adobe Flash 10.1.53.64 still insecure?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems 		And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
Websafe Adobe Flash 10.1.53.64 still insecure?
Member 10th Jun, 2010 21:17
Ranking: 51
Posts: 72
User Since: 24th May, 2009
System Score: 100%
Location: NL
 Just installed the latest (stable) flash-player from: http://get.adobe.com/flashplayer/
(Before I removed the older Flash-player using add/remove program & a flash-uninstaller).
Adobe has released 10.1.53.64 as the latest flash-player.
According: http://secunia.com/advisories/40026/ I would expect this release as patched.
However under the “safe browsing tab” the 10.1 version has a status of insecure.
Is this a false positive?

Have a nice day,
Websafe.

gjjean RE: Adobe Flash 10.1.53.64 still insecure?
Contributor 10th Jun, 2010 23:16
Score: 196
Posts: 196
User Since: 9th Apr 2010
System Score: 100%
Location: LB
 @ websafe

Please read the following thread and visit the sites mentioned:

http://secunia.com/community/forum/thread/show/443...

--
HP pavilion DV6
Win 7 64bit - SP1
IE9 RTW + MSSE2
Was this reply relevant?
+2
-0
Websafe RE: Adobe Flash 10.1.53.64 still insecure?
Member 11th Jun, 2010 00:03
Score: 51
Posts: 72
User Since: 24th May 2009
System Score: 100%
Location: NL
 @ John,

Thanks for your link.
At: http://www.adobe.com/support/security/bulletins/ap... Adobe recommends to upgrade to version: 10.1.53.64.
It seems likely to me Secunia did not yet update their signature files.

Websafe.
Was this reply relevant?
+2
-0
ddmarshall RE: Adobe Flash 10.1.53.64 still insecure?
Dedicated Contributor 11th Jun, 2010 00:08
Score: 1037
Posts: 820
User Since: 8th Nov 2008
System Score: 100%
Location: UK
 Adobe have only released this in the last couple of hours as its 'official' download, although it's the same version as RC7. I guess Secunia will update their database in the morning.

The security bulletin also includes an update to Air to version 2.0.2 .

http://www.adobe.com/support/security/bulletins/ap...
Was this reply relevant?
+2
-0
E.Petersen RE: Adobe Flash 10.1.53.64 still insecure?
Secunia Official 11th Jun, 2010 13:25
Score: 649
Posts: 1,892
User Since: 1st Jul 2009
System Score: N/A
Location: Copenhagen, DK
 Hi,

Please try rescanning and downloading the new patch - it should hopefully be working.

hope this helps.

--
Kind regards,

Emil R. Petersen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal
The Boat People RE: Adobe Flash 10.1.53.64 still insecure?
Member 11th Jun, 2010 14:09
Score: 0
Posts: 2
User Since: 11th Feb 2009
System Score: N/A
Location: N/A
Last edited on 11th Jun, 2010 14:12		 Have downloaded the latest version from Adobe and done rescan but still shows the program as insecure

Terry
Was this reply relevant?
+0
-0
E.Jeppesen RE: Adobe Flash 10.1.53.64 still insecure?
Secunia Official 11th Jun, 2010 14:31
Score: 60
Posts: 142
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
 It is a common issue that Adobe Flash Player leaves old files behind when installing a newer version. These files should now be marked as "zombie" files. Please see the many threads that already exist on this issue.
Jersey_Devil RE: Adobe Flash 10.1.53.64 still insecure?
Member 11th Jun, 2010 14:35
Score: 7
Posts: 23
User Since: 29th Apr 2010
System Score: N/A
Location: US
 No problem here. Adobe Flash 10.1.53.64 shows status as patched.

Complete instructions here: http://msmvps.com/blogs/donna/archive/2010/06/10/f...



--
Gateway NV59C
Win 7 HP SP1 x64, XP Home SP3
Windows 8 Dev Preview on Workstation 8
FF 6.0.2 , IE9
8 GB Kingston DDR3 RAM

Avast! 6 Free, MBAM on demand
MVPS Hosts, PSI 2.0.0.3001
Was this reply relevant?
+1
-0
Maurice Joyce RE: Adobe Flash 10.1.53.64 still insecure?
Handling Contributor 11th Jun, 2010 14:35
Score: 8623
Posts: 6,660
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 This will fix flash.

UPDATING ADOBE FLASH
====================
Works with Windows XP,Vista & Windows 7 - 32 & 64 Bit systems.

To successfully install Adobe Flash go here:
http://www.filehippo.com/download_flashplayer_ie/

& then here if U have any Gecko based browsers.

http://www.filehippo.com/download_flashplayer_fire...

The latest RC version is:10.1.53.64 RC7 - This version is very stable monitored by Secunia & currently the only one that appears secure

1. Select the Flash version U require & download it.
2. The installer will appear on the desk top. Before agreeing to install close:
a. All Browsers.
b. PSI
c. Windows Messenger.
3. The new install will then remove all old files during the update process.
4. Complete a PSI rescan.

POSSIBLE PROBLEMS.
++++++++++++++++++

If U failed to complete 2. above U may well find PSI still shows a vulnerability on the rescan.

SOLUTION

1. Double check your browser(s),PSI & Messenger are closed.
2. Navigate to:
32 Bit Systems - C:\Windows\system32\Macromedia\Flash
64 Bit Systems - C:\Windows\sysWOW64\Macromedia\Flash

In these locations U may well find these entries:
FLASH10D or E.OCX - Right click & delete it.
FLASH10H.OCX - The latest version which should be retained.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE9
16GB RAM
Was this reply relevant?
+7
-0
Websafe RE: Adobe Flash 10.1.53.64 still insecure?
Member 11th Jun, 2010 17:33
Score: 51
Posts: 72
User Since: 24th May 2009
System Score: 100%
Location: NL
 Just arrived at my computer and see under the “safe browsing tab” Adobe Flash-player 10.x (10.1.53.64) as patched.
Thanks.

Websafe.
Was this reply relevant?
+0
-0
The Boat People RE: Adobe Flash 10.1.53.64 still insecure?
Member 11th Jun, 2010 17:48
Score: 0
Posts: 2
User Since: 11th Feb 2009
System Score: N/A
Location: N/A
 Now patched and shown as secure.
Thanks for advice

Terry
Was this reply relevant?
+0
-0
Muggle10 RE: Adobe Flash 10.1.53.64 still insecure?
Member 11th Jun, 2010 20:33
Score: 0
Posts: 1
User Since: 31st Dec 2009
System Score: N/A
Location: US
 I got the same “insecure” msgs after installing the latest Flash Player. I tried uninstalling and then reinstalling it, but I still got the msgs. Once I deleted FLASH10E, the msgs went away.

Maurice, THANKS for your post!
Was this reply relevant?
+0
-0
lmacri RE: Adobe Flash 10.1.53.64 still insecure?
Member 11th Jun, 2010 21:17
Score: 31
Posts: 58
User Since: 9th Sep 2009
System Score: N/A
Location: CA
Last edited on 11th Jun, 2010 21:40		 The Adobe Flash Player Uninstaller utility (available for download from http://kb2.adobe.com/cps/141/tn_14157.html) should completely remove any files associated with older versions of the Flash Player that might be detected by your Secunia scan. The following steps always work for me.

1. Uninstall the old version of the Adobe Flash Player from the Windows Control Panel (Start | Control Panel | Programs and Features)
2. Download the lastest version of the Adobe Flash Player Uninstaller utility and run the utility to remove all traces of the old installation.
3. Re-boot your system
4. Install the new version of Adobe Flash Player

--
Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6 * IE 9 * FF 10.0.0 * PSI v. 2.0.0.3001
Was this reply relevant?
+5
-0

Lee Ving

 RE: Adobe Flash 10.1.53.64 still insecure?
[+]
This reply has been minimised due to a negative Relevancy Score.
mckvack RE: Adobe Flash 10.1.53.64 still insecure?
Member 13th Jun, 2010 06:14
Score: 1
Posts: 6
User Since: 6th May 2010
System Score: 100%
Location: SE
 I just exit PSI because it's using Flash player, and then run the the Adobe Flash uninstaller. And installed all files again, and then start PSI and rescan and waiting some seconds, and the Adobe Flash got patched.

--
Windows XP SP3
Was this reply relevant?
+1
-0
Marty4f RE: Adobe Flash 10.1.53.64 still insecure?
Member 20th Jun, 2010 01:28
Score: 0
Posts: 2
User Since: 3rd Feb 2010
System Score: N/A
Location: N/A
 Secunia scan prob?

1. Uninstalled Adobe Flash using Adobe Uninstaller.
2. Rebooted
3. Downloaded Adobe Flash 10.1.53.64 and installed it. Reported successful.
4. Rebooted.
5. Ran PSI-it reported AF version 10.0.45.2
6. Checked AF file which contained;
Flash 10e.ocx but no 10h.ocx
FlashUtil 10h_plugin.exe ( appears to be an installer/unistaller)
7. Where do I go from here?

WINXP Pro 3 Firefox
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash 10.1.53.64 still insecure?
Handling Contributor 20th Jun, 2010 02:02
Score: 8623
Posts: 6,660
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 Read my post above - that cures the problem.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE9
16GB RAM
Was this reply relevant?
+1
-0
Marty4f RE: Adobe Flash 10.1.53.64 still insecure?
Member 20th Jun, 2010 02:49
Score: 0
Posts: 2
User Since: 3rd Feb 2010
System Score: N/A
Location: N/A
 Maurice, Tks for the advice-problem solved.
I downloaded using IE instead of Firefox from the site you gave.
I don't know which solved the problem but one of them did.
Tks again, Marty
Was this reply relevant?
+0
-0
DMorrisPE RE: Adobe Flash 10.1.53.64 still insecure?
Member 21st Jun, 2010 16:01
Score: 2
Posts: 2
User Since: 4th Dec 2008
System Score: 100%
Location: US
 I have deleted the entire Windows/system32/macromed/Flash folder, cleaned all traces from the registry and reinstalled the latest Flash download (as of 6-21-10). Still get the "Insecure" message about the .dll file.

Just a comment - Secunia PSI uses whatever version of Flash is installed and leaves it's "hooks" to the program while the users are trying to update Flash. Of course, the offending file never gets updated/deleted because Secunia is using it. I would suggest that your graphics use some other method of displaying the status, even if it's just an old-style, DOS-based, progress bar. That way your users can actually update those files while staying in PSI.

--
- Doug
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash 10.1.53.64 still insecure?
Handling Contributor 22nd Jun, 2010 12:18
Score: 8623
Posts: 6,660
User Since: 4th Jan 2009
System Score: 100%
Location: UK
 @DMorrisPE

Where is PSI finding the vulnerability. If U have cleared out as U describe then it must be on another drive, in the i386 folder or recycle bin.

FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next.

Revision 2

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE9
16GB RAM
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports & Papers
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2012 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability