Forum Thread: Adobe again?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash CS3 9.x

This thread has been marked as locked.
highstream Adobe again?
Member 3rd Mar, 2010 01:16
Ranking: 6
Posts: 29
User Since: 19th Dec, 2007
System Score: N/A
Location: N/A
PSI 1.5.0.0. This morning Adobe Flash CS3 executable flash.exe shows as Insecure. The download solution directs to a different Adobe program, Flash Player v9.0.262. But 10.0.45.2 is the current version, which I have, and CS3 doesn't have Flash Player. Secunia's security advisor shows the problem three weeks ago. I did the Adobe update at that time and PSI cleared. No new Adobe updates at this time. False positive?

highstream RE: Adobe again?
Member 3rd Mar, 2010 01:30
Score: 6
Posts: 29
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
I should add that my flash.exe version is 9.0.0.494, while PSI is claiming it's 9.0.159.0. The Flash Player solution PSI points to is 9.0.262.
Was this reply relevant?
+0
-0
This user no longer exists RE: Adobe again?
Secunia Official 3rd Mar, 2010 08:17
Hi gene

If you look in the Flash CS3 folder, there should be a folder called "Players".
This folder contains the insecure FlashPlayer.exe file.

Download the solution with the PSI and replace the entire folder according to Adobe guidelines for patching Flash CS3.

This should clear your insecurity.

genegold99 RE: Adobe again?
Member 3rd Mar, 2010 08:26
Score: 5
Posts: 141
User Since: 25th Nov 2008
System Score: N/A
Location: US
Thanks! I wish PSI's Insecure reference had been to that folder/file and not to flash.exe.
Was this reply relevant?
+0
-0
This user no longer exists RE: Adobe again?
Secunia Official 3rd Mar, 2010 08:47
The file listed in the path is not always the insecure file, it's just the file we use to identify the program.

If we can, we will try to get the patched version number from that file, but that's not always possible if the vendor only updates some of the files in a patch.

I will make a request to include the insecure file in a path to make it easier to identify the problem.

This thread has been marked as locked.