Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Java JRE 1.6/6.x one adobe CS5

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Sun Microsystems
And, this specific program:
Oracle Java JRE 1.6.x / 6.x

This thread has been marked as resolved.
disPlay Java JRE 1.6/6.x one adobe CS5
Member 27th Jul, 2010 18:25
Ranking: 0
Posts: 7
User Since: 27th Jul, 2009
System Score: N/A
Location: PT
Hi I have some parts of the CS5 adobe suite the problem is that Secunia flags the java in the CS5

The java is located in C:\ProgramData\Adobe\CS5\jre\bin

what can I do about the files in this directory? I always had this question.
The java that I have installed in my system is the last one update 21.

Post "RE: Java JRE 1.6/6.x one adobe CS5" has been selected as an answer.
Maurice Joyce RE: Java JRE 1.6/6.x one adobe CS5
Handling Contributor 27th Jul, 2010 19:00
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If U click on this are there other files in the bin folder or is it a standalone item?

C:\ProgramData\Adobe\CS5\jre\bin


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
disPlay RE: Java JRE 1.6/6.x one adobe CS5
Member 27th Jul, 2010 21:13
Score: 0
Posts: 7
User Since: 27th Jul 2009
System Score: N/A
Location: PT
There are other .dll jushed etc. 83 items + 2 folders
Was this reply relevant?
+0
-0
Maurice Joyce RE: Java JRE 1.6/6.x one adobe CS5
Handling Contributor 27th Jul, 2010 21:20
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 27th Jul, 2010 21:20
Thank U.

Navigate back to this file:

C:\ProgramData\Adobe\CS5\jre\bin

Right click on it & rename it C:\ProgramData\Adobe\CS5\jre\bin_OLD

Carry out a full rescan with PSI - has that removed the vulnerability?




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+4
-0
Anthony Wells RE: Java JRE 1.6/6.x one adobe CS5
Expert Contributor 27th Jul, 2010 21:25
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 27th Jul, 2010 21:28
This rather long and argumentative thread discusses some of the problems of Java in Adobe ;-

http://secunia.com/community/forum/thread/show/434...

In this case only the jave.exe was renamed .

Maybe something which helps if you dig around .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
disPlay RE: Java JRE 1.6/6.x one adobe CS5
Member 27th Jul, 2010 21:45
Score: 0
Posts: 7
User Since: 27th Jul 2009
System Score: N/A
Location: PT
In fact If i delete the whole folder I would have any problem with cs5?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Java JRE 1.6/6.x one adobe CS5
Handling Contributor 27th Jul, 2010 21:48
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
U may - hence my advice at this stage to just rename it. Once U complete that & give me the answer on the PSI scan I can advise further.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
disPlay RE: Java JRE 1.6/6.x one adobe CS5
Member 27th Jul, 2010 22:03
Score: 0
Posts: 7
User Since: 27th Jul 2009
System Score: N/A
Location: PT
The folder was renamed and the java is no longer marked as insecure.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Java JRE 1.6/6.x one adobe CS5
Handling Contributor 27th Jul, 2010 22:49
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Good news.

I think U should consider this a temporary fix. I suspect CS5 in certain circumstances has a reliance on Java hence Adobe have embedded it within the programme.

Updating Java by the traditional (which I note U have done) method or using the auto update feature in PSI version 1.9.0.2 will never update CS5 because they both only update to the default location.

Your standalone Java install should be showing separately in PSI as secure.

It is an Adobe responsibility to update CS5 and its embedded Java & Flash.

As a paying customer I would contact Adobe Support and ask them:

1. Is the embedded Java really vulnerable - if they say it is not then rename the file back to the original & create an ignore rule.
2. If it is then what are they doing about it?
3. U might also ask them why they have embedded JUSHED.dll - this is the Java Update Scheduler & clearly does not work.

If U do encounter CS5 operability issues just rename the file we have altered back to its original until U get a proper fix from Adobe.

Hope this helps. If U are now happy could I ask U to lock (Accept) the thread. That will prevent U & I from getting update emails from "tag on" posts.




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+4
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability