navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Adobe Flash Player 10.1.102.64 (NPAPI)

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
joe schmoe Adobe Flash Player 10.1.102.64 (NPAPI)
Member 15th Nov, 2010 21:05
Ranking: 41
Posts: 143
User Since: 26th Nov, 2008
System Score: 100%
Location: US
Hi,

I'm confused.

Is it safe to run this extension in FF 3.6? There are some reports, Secunia PSI included, that this player is being actively exploited in the wild even though this is the most recent update available. I show no older versions of this player in PSI.

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit

metaed RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Member 15th Nov, 2010 21:17
Score: 1
Posts: 110
User Since: 11th Feb 2009
System Score: 100%
Location: US
Can you cite Secunia or other sources for the information that this version is vulnerable?

The one place I know to look for Secunia's perspective is the vulnerability report for Adobe Flash Player 10.x: http://secunia.com/advisories/product/20166/

On that page it says:

"There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied."

Cheers, MetaEd

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+1
-0
TiMow RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Dedicated Contributor 16th Nov, 2010 08:30
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Joe

The version you have listed in your header, is the latest, and PSI reports this as patched - i.e. - secure (as much as anything Adobe can be).

SA41917 related to the previous flash version (10.1.85.3), which has now been obviously updated.

@metaed has already given the quote (above) to PSI recognised current status.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
joe schmoe RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Member 16th Nov, 2010 10:23
Score: 41
Posts: 143
User Since: 26th Nov 2008
System Score: 100%
Location: US
To both metaed and TiMow,

Cheers,

I got it now. It was just that in PSI version 1.5.0.2 (which I run) there is a column for "Patched Threat" in the Patched Tab that indicates that this program is a Category Five threat. That is why I became concerned.

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+1
-2
joe schmoe RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Member 16th Nov, 2010 10:25
Score: 41
Posts: 143
User Since: 26th Nov 2008
System Score: 100%
Location: US
To both metaed and TiMow,

Cheers,

I got it now. It was just that in PSI version 1.5.0.2 (which I run) there is a column for "Patched Threat" in the Patched Tab that indicates that this program is a Category Five threat. That is why I became concerned.

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+1
-2
joe schmoe RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Member 16th Nov, 2010 10:29
Score: 41
Posts: 143
User Since: 26th Nov 2008
System Score: 100%
Location: US
To both metaed and TiMow,

Cheers,

I got it now.

It was just that in PSI version 1.5.0.2 (which I run) there is a column for "Patched Threat" in the Patched Tab that indicates that this program is a Category Five threat. That is why I became concerned.

I do not run Adobe Flash or Reader in IE8, especially since the latest vulnerability report came out and M$ did not issue a fix for this new one or the old one dating from this February last. At least FF is updated whenever a vulnerability is reported.

joe schmoe

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+1
-2
joe schmoe RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Member 16th Nov, 2010 10:31
Score: 41
Posts: 143
User Since: 26th Nov 2008
System Score: 100%
Location: US
Last edited on 16th Nov, 2010 10:37
To both metaed and TiMow,

Cheers,

I got it now.

It was just that in PSI version 1.5.0.2 (which I run) there is a column for "Patched Threat" in the Patched Tab that indicates that this program is a Category Five threat. That is why I became concerned.

I do not run Adobe Flash or Reader in IE8, especially since the latest vulnerability report came out and M$ did not issue a fix for this new one or the old one dating from February of this year. At least FF is updated whenever a vulnerability is reported.

joe schmoe

I'm really sorry about the last two posts. Seems my FF browser was unresponsive so I clicked Reply three times. Sorry again.

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+7
-0
TiMow RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Dedicated Contributor 16th Nov, 2010 10:58
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 16th Nov, 2010 11:07
Joe

I also run 1.5.0.2 and the latest flash is secure.

The Patched Threat cat.5 to which you're referring, is what it would be, if you hadn't applied the latest update. If you hover your mouse/cursor over the blue "[?]" on the right of "Patched Threat", it should give an explanation. It is the same where ever you see the ? symbol.

This threat rating column has caused confusion, in the past, to many users - including myself - a long time back.

Re. your multiple posts - I'm not sure if the problem lies with Ff. or Secunia servers, as I have experienced problems (timing out) with the forum and replying, this morning - I hope you won't be scored negatively (net value) - i will try to clear out 2 posts with negative values, but give equivalent back on another.

TiMow

EDIT: This post also appeared to get lost in the ether, but I left it, to find it's way, with longer time required.

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
metaed RE: Adobe Flash Player 10.1.102.64 (NPAPI)
Member 16th Nov, 2010 20:14
Score: 1
Posts: 110
User Since: 11th Feb 2009
System Score: 100%
Location: US
on 16th Nov, 2010 10:58, TiMow wrote:
This threat rating column has caused confusion, in the past, to many users - including myself - a long time back.


And Secunia was listening---in the 2.0 beta, the Threat Rating column does not show a severity level if you have the patch installed.

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+