Windows XP SP3 Includes Vulnerable Flash Player

[Drifter]

Microsoft Corp.'s Windows XP Service Pack 3 (SP3) ships with an out-of-date version of Adobe's Flash Player that's vulnerable to recently spotted attacks, according to Microsoft's support documentation.

More Here...And you could test your version of Flash Player From Here... Edited June 3, 2008 by Drifter

[Guitar Man]

Thanks for the heads up, Drifter. I'll pass this on.

[Ed_P]

If you are already running the current version of Flash SP3 doesn't downgrade it. It only upgrades Flash versions which are older and even more prone to hacking than this one.

[Tarq57]

I wonder. I keep my applications up to date with the rather useful Secunia PSI. Sometime after installing SP3, PSI did its routine scan and found an out of date flash version (IIRC) on bord, in the current (up to date) flash folder. I think it was an .ocx file. After deleting it, all was OK, and flash still worked. Haven't thought any more about it, until now.

[Drifter]

I tested my version of Flash after seeing the article...In Firefox it said “You have version 9,0,124,0 installed" but in IE7 it was "You have version 9,0,28,0 installed"Does this mean Flash is installed separately for every browser?

[Tarq57]

Drifter, in my limited experience of updating flash, yes. It has to be uninstalled/updated for each browser. There is a flash uninstall tool available at the site to simplify the process, following which I've always just visited the site using each browser to install the latest version.

[Drifter]

Thanks Temmu for mentioning abt Secunia Psi..I read about this application sometime back. After seeing your post thought of giving it a try and found 12 insecure items

[zlim]

Geeze, I just checked my eeepc and ASUS shipped it with 9,0,48! How low can you go!Thanks for the heads up on this. My windows computers were updated to 9,0,124 when i read about the security hole.

[Ed_P]

found an out of date flash version (IIRC) on bord, in the current (up to date) flash folder. I think it was an .ocx file.

I have one of those files also. Apparently a hold over from the days when Macromedia made Flash player. In fact PSI shows a link to http://www.macromedia.com/go/getflash to get an update. A better solution to recommend is what you did, simply delete the old file. Installing the current Adobe version doesn't remove the Macromedia file.

[Tarq57]

Made sense to do that, since all the other components for the up to date version appeared to be present and correct.Darned if I understand how thos company - and Sun - get away with not providing some kind of auto uninstaller for the old versions when updating. Look at just about any HJT log, and there's almost always an out of date version of one of these on board. There are'nt any easy to find nor follow instructions on the site, either. It's a bit like a MacDonalds drive through.Maybe they're in cohooots with the malware writers?

[Drifter]

It detected 5 JRE versions for me, which it says is insecure. 4 of them points to the same location and the 5th one comes from one of my backups in the secondary drive. But when I click the download icon in Secunia PSI nothing happenes and in Java Control Panel it says my version is uptodate.

[Tarq57]

Drifter, you should go to "add/remove programs", uninstall the old versions.