Re: Flash Player update available to address security vulnerabil in Security

Re: Flash Player update available to address security vulnerabil in Security http://www.dslreports.com/forum/r19655150 en Fri, 04 Dec 2009 14:15:07 EDT Fri, 04 Dec 2009 14:15:07 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19658803 Bubba17 : Well, I see some methods have been mentioned for determining your Flash version.

As for being in Add or Remove Programs, if you click on your Flash entry, it'll display, "Click here for support information", which then displays the version info along with a link to "Adobe Systems Incorporated", if clicked.]]> http://www.dslreports.com/forum/remark,19658803 Thu, 20 Dec 2007 15:38:41 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19657735 Millenniumle : For Windows IE ActiveX, go to: Windows>System32>Macromed>Flash. There you will find a file named Flash(x).ocx. Right click the file and select "Properties," then select the version tab.

A bit of a manual way to go about it, but.... when you're done checking the verion you can send it to the recycle bin where Flash unfortunately belongs these days, annoying advertisement vehicle that it is and all. :D ]]> http://www.dslreports.com/forum/remark,19657735 Thu, 20 Dec 2007 12:51:37 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19656715 lordpuffer : Thanks....Sorry.....Missed that.]]> http://www.dslreports.com/forum/remark,19656715 Thu, 20 Dec 2007 10:08:38 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19656677 Cudni : as referenced in 2nd post :)
»www.adobe.com/products/flash/about/

also visit secunia site in case you have old version still lurking

Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
MVP, Microsoft Windows Security 2006-2007]]> http://www.dslreports.com/forum/remark,19656677 Thu, 20 Dec 2007 10:02:00 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19656622 lordpuffer : This may be a silly question, but how do I find the flash player to find out which version I have? I found it under add/remove programs, and all it says is "Adobe Flash Player 9 Active X." Thanks.]]> http://www.dslreports.com/forum/remark,19656622 Thu, 20 Dec 2007 09:51:35 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19656007 Cudni : just delete the file referenced, it should give you the location it was found it.

Cudni]]> http://www.dslreports.com/forum/remark,19656007 Thu, 20 Dec 2007 06:29:09 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19656000 mouse : I did a security check via secunia and noticed that I had two versions of flashplayer installed. Adobe Flash and Macromedia Flash - these were listed individually with the recommendation to upgrade as per advice in this thread. I looked for detailed instructions on the adobe site but did not find anything. I then uninstalled via add/remove the only apparent version of the Adobe flashplayer and reinstalled the latest version 9.0.115.0.
Redoing the secunia scan, this is now shown as secure/correct version but I am still shown the additional version of Macromedia Flash Player 6.084.0. How can I get rid of this? I tried the uninstall mentioned somewhere earlier in this thread but this only took care of the new version?]]> http://www.dslreports.com/forum/remark,19656000 Thu, 20 Dec 2007 06:23:13 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655902 redwolfe_98 : thanks for posting the notice, nick, about the flash player security vulnerability.. i didn't install the new flash player, before, because there was no information saying that the update was needed and, also, i looked in the adobe forums and some people were having problems with the new update, so i passed on it.. however, when the update is necessary, in order to address security vulnerabilities, then i update.. :) ]]> http://www.dslreports.com/forum/remark,19655902 Thu, 20 Dec 2007 05:01:24 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655572 AB :

said by noway1

:

. . Anyone heard of any way to substitute something for the Adobe Flash crapware? (Sick of regular vulnerabilities requiring regular upgrades).

Microsoft Corp. now makes a competing crapware-- 'SilverLight' (or 'SilverNight', as Giorgio Maone, developer of the 'NoScript' extension for Firefox refers to it).
Whether or not it simply competes, or was designed as replacement crapware, I couldn't tell you off-hand.]]> http://www.dslreports.com/forum/remark,19655572 Thu, 20 Dec 2007 01:38:38 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655497 MarkAW : Yeah i guess your right.
Thanks. :)]]> http://www.dslreports.com/forum/remark,19655497 Thu, 20 Dec 2007 01:08:25 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655489 AB :

said by MarkAW

:

. . I guess what i am trying to say is why are they now posting this warning when people were asked to update to 9.0.115.0 15 days ago.

I think it's unlikely that the vast majority update their Flash player within two or three weeks of a new version coming out, don't you? ;)

Half the computers in this world that have Flash probably still have a 6.x or 7.x version on them.]]> http://www.dslreports.com/forum/remark,19655489 Thu, 20 Dec 2007 01:06:37 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655451 MarkAW : AB thanks i saw your post and i was at the securia website earlier today using their scanner and wasn't warned about my Adobe Flash Player being out dated, plus i knew i had the latest version installed like i said since Dec 4th (15 days before this Adobe warning was posted). I guess what i am trying to say is why are they now posting this warning when people were asked to update to 9.0.115.0 15 days ago.
»[Update] Adobe Flash Player 9.0.115.0
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle]]> http://www.dslreports.com/forum/remark,19655451 Thu, 20 Dec 2007 00:55:47 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655447 noway1 : Managed to get the Adobe Acrobat reader crapware off this computer by substituting PDF-XChange PDF Viewer. Anyone heard of any way to substitute something for the Adobe Flash crapware? (Sick of regular vulnerabilities requiring regular upgrades). ]]> http://www.dslreports.com/forum/remark,19655447 Thu, 20 Dec 2007 00:53:58 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655420 AB :

said by MarkAW

:

. . are they trying to say that the 9.0.115.0 is vulnerable as well or what? :huh:

The Securia info I posted 2 posts above yours is dated the 19th of December, 2007, fwiw.

*Edit- Also, quoted from Nick's Original Post:

"Severity ratingAdobe categorizes this as a critical update and recommends affected users upgrade to version 9.0.115.0 (Win, Mac, Linux)."]]> http://www.dslreports.com/forum/remark,19655420 Thu, 20 Dec 2007 00:44:20 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655347 MarkAW :

said by tjack

:

If I'm reading the info posted by Nick correctly these are the only versions affected:

Affected software versions: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier.

If you updated on Dec 3rd to the latest version you don't need to add this.

That's what i was thinking as well,because i have had this update since December 4th 2007. So what are they trying to say that the 9.0.115.0 is vulnerable as well or what? :huh:
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle]]> http://www.dslreports.com/forum/remark,19655347 Thu, 20 Dec 2007 00:28:44 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655150 Sindows 7 : Why dont they say all the darn versions are vulnerable?
Every version they ever had gets toasted, cant they get it right? :huh:]]> http://www.dslreports.com/forum/remark,19655150 Wed, 19 Dec 2007 23:44:32 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19655089 AB : »secunia.com/advisories/28161/

---------------------------
The vulnerabilities are reported in versions prior to 9.0.115.0.

Solution:
Update to version 9.0.115.0.
---------------------------]]> http://www.dslreports.com/forum/remark,19655089 Wed, 19 Dec 2007 23:35:55 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19650628 tjack : If I'm reading the info posted by Nick correctly these are the only versions affected:

Affected software versions: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier.

If you updated on Dec 3rd to the latest version you don't need to add this.]]> http://www.dslreports.com/forum/remark,19650628 Wed, 19 Dec 2007 11:41:14 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19650376 koma3504 : Thanks for the info.]]> http://www.dslreports.com/forum/remark,19650376 Wed, 19 Dec 2007 11:02:26 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19650052 SUMware : Looks like this is the same version that was released on Dec. 3.]]> http://www.dslreports.com/forum/remark,19650052 Wed, 19 Dec 2007 10:04:38 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19649822 MagMan : Thanks Guys got it. :)]]> http://www.dslreports.com/forum/remark,19649822 Wed, 19 Dec 2007 09:11:35 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19649660 Grail Knight : Thanks.

The Flash Player Uninstaller is available from here:

»www.adobe.com/shockwave/download/alternates/

Users should also check their Flash Player Security settings after updating.

Flash Player Security Panel
--
"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." - Sherlock Holmes]]> http://www.dslreports.com/forum/remark,19649660 Wed, 19 Dec 2007 08:10:49 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19649544 anon : The Linux update for Flash Player addresses a memory permissions issue that could lead to privilege escalation. (CVE-2007-6246) :o
»www.adobe.com/support/security/b···-20.html]]> http://www.dslreports.com/forum/remark,19649544 Wed, 19 Dec 2007 07:25:14 EDT Re: Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19649534 NICK ADSL UK : With regards the above update please do make sure you are using the latest build. You can check that here. Also please note that this update was posted originally on the 3rd of December as to what has been updated remains unclear at this time as the build remains the same. None the less it is important to make sure you have this latest build
»www.adobe.com/products/flash/about/]]> http://www.dslreports.com/forum/remark,19649534 Wed, 19 Dec 2007 07:21:29 EDT Flash Player update available to address security vulnerabil http://www.dslreports.com/forum/remark,19649520 NICK ADSL UK : Flash Player update available to address security vulnerabilities
Release date: December 18, 2007

Vulnerability identifier: APSB07-20

CVE number: CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246, CVE-2007-5476

Platform: All platforms

Affected software versions: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier.

SummaryCritical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.

Affected software versionsAdobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier.

To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

SolutionAdobe recommends all users of Adobe Flash Player 9.0.48.0 and earlier versions upgrade to the newest version 9.0.115.0 (Win, Mac, Linux), by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

Adobe will be providing an update to Adobe Flash Player 9.0.47.0 for Solaris at a later date. Customers can download and install the Flash Player public beta, which addresses these vulnerabilities, from the Adobe Labs site in the meantime.

For customers who cannot upgrade to Adobe Flash Player 9, Adobe has developed a patched version of Flash Player 7. Please refer to the Flash Player update TechNote.

Severity ratingAdobe categorizes this as a critical update and recommends affected users upgrade to version 9.0.115.0 (Win, Mac, Linux).

DetailsMultiple input validation errors have been identified in Flash Player 9.0.48.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user’s web browser, email client, or other applications that include or reference the Flash Player. (CVE-2007- 4768, CVE-2007-6242)

This update introduces functionality to mitigate a potential issue could potentially aid an attacker in executing a DNS rebinding attack. For more information, see the following Adobe Developer Center article. (CVE-2007-5275)

This update introduces a new, stricter method for Flash Player to interpret cross-domain policy files. These changes could help prevent privilege escalation attacks against web servers hosting Flash content and cross-domain policy files. For more information, see the following Adobe Developer Center article. (CVE-2007- 6243)

This update restricts the unsupported asfunction: protocol to address potential cross-site scripting issues with some SWF files. This issue is specific to Flash Player 8 and Flash Player 9 and does not affect Flash Player 7. (CVE-2007-6244)

This update makes changes to the navigateToURL function to prevent potential Universal Cross-Site Scripting attacks. This issue is specific to the Flash Player ActiveX Control and the Internet Explorer Browser. (CVE-2007-6244)

This update resolves an issue that could allow remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks. (CVE-2007-6245)

This update introduces functionality to mitigate a potential port-scanning issue. For more information, see the following Knowledgebase Article. (CVE-2007-4324)

The Linux update for Flash Player addresses a memory permissions issue that could lead to privilege escalation. (CVE-2007-6246)

The Mac update for Flash Player addresses the issue with Flash Player originally reported by Opera and described in Security Advisory APSA07-05. (CVE-2007-5476)

»www.adobe.com/support/security/b···-20.html

download
»www.adobe.com/shockwave/download···aveFlash
--
Wilders Security Forum Admin
Microsoft MVP-Windows Security

]]> http://www.dslreports.com/forum/remark,19649520 Wed, 19 Dec 2007 07:14:15 EDT