navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Adobe Flash Player 10.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
loey1947 Adobe Flash Player 10.x
Member 15th Jun, 2010 05:58
Ranking: 0
Posts: 2
User Since: 15th Jun, 2010
System Score: N/A
Location: US
This program showed up as a warning on Secunia and I tried the solutions, but it never went into my programs so I can't even delete it if it is a problem. How should I handle this? It is a seurity 5 threat. Thank you for your help. I saved the program but again it is not showing up in my programs. I have been asked to perform the solution 11 times, I rescan and they still show as warnings. I am not very computer capable, so I don't want to mess up my computer. Thank you again for any help. It is a macromedia program.

TiMow RE: Adobe Flash Player 10.x
Dedicated Contributor 15th Jun, 2010 06:58
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 15th Jun, 2010 07:10
Hi Loey

Flash is used by your browsers for graphics, videos, games etc.

IE uses Flash (ActiveX) - PSI require this version for the display of it's graphics (pie chart and bars).

Other browsers need Flash (NPAPI).

When you install/update Flash you normally need to do this twice - once using IE for ActiveX, and once using another browser for NPAPI.

You appear to still have element s of the old insecure version of flash left on your PC, which PSI is finding and flagging.

You best option is to fully remove all elements of flash (using a downloadable uninstaller), and then (re-) install the current up to date version.

Details as follows:

1) Download to desktop Flash uninstaller (to remove all flash) from here:

http://kb2.adobe.com/cps/141/tn_14157.html

[Depending on browser used for download, if saving to desktop is not an option, then perform the following 2), below, before clicking "Run"]

2) Close all programs that use flash - all browsers and PSI (right click tray icon, bottom right, and Exit);

3) Run Flash uninstaller from desktop;

4) Reboot (restart) PC

5) Re-open browser(s) - IE and Another (if apllicable);

6) Download current flash from here (2x):

A] http://www.filehippo.com/download_flashplayer_ie/

using IE, (for IE ActiveX) N.B. PSI requires this for graphics, even if you don't actively use IE; and

B] http://www.filehippo.com/download_flashplayer_fire...

using another browser (e.g. Firefox) for NPAPI

Reboot (restart) PC and full rescan PSI (you will need to activate PSI from All Programs, from Start menu).

Both Flash - ActiveX and NPAPI - should show under Patched tab of PSI (If not already, then click "Advanced", top right of PSI window, then OK,) - see "Adobe Flash Payer 10.x" ; version no. 10.1.53.64

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
loey1947 RE: Adobe Flash Player 10.x
Member 15th Jun, 2010 07:12
Score: 0
Posts: 2
User Since: 15th Jun 2010
System Score: N/A
Location: US
Thank you, I will try your suggestion.
Was this reply relevant?
+0
-0
TiMow RE: Adobe Flash Player 10.x
Dedicated Contributor 15th Jun, 2010 07:42
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 15th Jun, 2010 07:49
Hi again loey,

There has been only one recent reported instance of the above procedure not fully removing the insecure element of flash - maybe because all programs using flash weren't exited.

In order to save time I will offer an alternative fall-back solution - which you may or may not need.

Using PSI in Advanced mode (click "Advanced" top right of PSI widow, then OK).
Click on tab "Insecure", then on the l.h.s. of the listing for flash click on "[+]".
Here are toolbox icons.
Click on Open Folder to go to location of flash, (using Windows Explorer).

Once at the file location, on r.h.s. of window, are the elements of the flash app. (with icons).
Find the icon(s) with yellow and green gear wheels marked Flash10("A letter").ocx

The current (and only) one you need is Flash10h.ocx
If there are others (previous letters 10e.ocx, or 10d.ocx and so on), these can be removed - highlight > right click > delete.

Re-boot and re-scan.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
TiMow RE: Adobe Flash Player 10.x
Dedicated Contributor 15th Jun, 2010 08:23
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
In my first reply, there is a problem with the second download link, provided, for another browser (e.g. Firefox) for Flash NPAPI.
The following should work:

http://www.filehippo.com/download_flashplayer_fire...

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
wolfdad RE: Adobe Flash Player 10.x
Member 16th Jun, 2010 03:07
Score: 0
Posts: 1
User Since: 7th Jun 2010
System Score: N/A
Location: US
Same here, sort of...I have updated my Flash with the new update from Adobe and yet Secunia is listing it three times as a threat as if I haven't done so. It did the same with my Java.....does anyone know why? Thanks
Was this reply relevant?
+0
-0
TiMow RE: Adobe Flash Player 10.x
Dedicated Contributor 16th Jun, 2010 07:04
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 16th Jun, 2010 12:36
@wolfdad

When you update flash it doesn't remove all of the old insecure version - normally the old .ocx file(s).

There are 2 standard solutions to this (both of which I've already posted on this thread, above).

The first is to completely uninstall all flash (with an Adobe downloadable uninstaller), and then re -install latest (2x). [the 2nd download link is faulty and is correctly reproduced further down, after the 1st reply]

The second is to navigate to the file location of flash, and manually delete the old .ocx file(s) - after installing the latest.

After either of the above PSI normally will only recognise the changes after a reboot and full scan.

All you need to know is written above.

TiMow

EDIT: A couple of times in my above posts I referred to the old flash being found in the Insecure tab of PSI. I now think in this instance, it actually showed up as End-of-Life. Look for the tab with the red lettering (under Advanced mode).

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
joe6966 RE: Adobe Flash Player 10.x
Member 17th Jun, 2010 16:44
Score: 0
Posts: 2
User Since: 24th Mar 2010
System Score: N/A
Location: N/A
I tried this suggestion, and I can't even download the uninstaller program.
Was this reply relevant?
+0
-0
ddmarshall RE: Adobe Flash Player 10.x
Dedicated Contributor 17th Jun, 2010 16:57
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
@joe6966

I suggest you start a new thread for this problem.

Please give some more details:
Operating System
Browser
Antivirus/Firewall
Can you access the Adobe website?
What stage the download fails
Any error messages

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
lmacri RE: Adobe Flash Player 10.x
Member 17th Jun, 2010 17:38
Score: 42
Posts: 87
User Since: 9th Sep 2009
System Score: N/A
Location: CA
Last edited on 17th Jun, 2010 17:42
There is a similar thread in the Programs forum started by Websafe at http://secunia.com/community/forum/thread/show/446... that may also have some other helpful suggestions about how to delete insecure files from old Adobe Flash Player installations.

If you're having problems downloading the Adobe Flash Player Uninstaller utility from http://kb2.adobe.com/cps/141/tn_14157.html then try downloading it to your desktop instead of saving it on your hard drive. I have Norton Internet Security 2010, and for some reason it sometimes aborts certain downloads to my hard drive but won't complain if they're saved to my desktop.



--
Vista Home Premium SP2 32-bit * NIS 2013 v. 20.5.0.28 * IE 9 * FF v. 31.0 * PSI v. 2.0.0.3003
Was this reply relevant?
+0
-0
joe6966 RE: Adobe Flash Player 10.x
Member 18th Jun, 2010 18:22
Score: 0
Posts: 2
User Since: 24th Mar 2010
System Score: N/A
Location: N/A
I have solved my problem by using IE to download the patches. I was having trouble yesterday clicking on downloads and forums in Secunia when I had Firefox as my default browser.
I want to support Firefox, but it is an arduous task.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+