PDA

View Full Version : critical bug(s) in Macromedia Flash


davidh
May 19th, 2006, 05:29 AM
Anybody installed these security updates for Flash Player yet?

I looked on download.com and they have 8.0.22 (has bug) for IE and 8.0.24 (bug fixed) for FF, etc.

I wonder if Adobe has 8.0.24 for IE yet?

Does one have to install same level patch 8.0.24 separately for IE and FF (I have both)?

Flash is not a MS product so Windowsupdate does not warn about this :(

PITA

-----------------------------------

Microsoft Security Bulletin MS06-020
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) Published: May 9, 2006 Version: 1.0

http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx

"Flash Player is available for download from Adobe Systems, Inc. (formerly Macromedia, Inc). Flash Player also may have been installed or required by another software application. You can determine whether you have Flash Player installed and if so what version by visiting the following Adobe Web site. If you have a version of Flash Player earlier than 7.0.63.0 or 8.0.24.0 you have a version that may be affected by the reported vulnerabilities."

-----------------------------------

FWIW, some info from my Windows registry:

[HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@macrom edia.com/FlashPlayer8]
"Path"="C:\\WINDOWS\\SYSTEM\\Macromed\\Flash\\NPSWF32.dll"
"XPTPath"="C:\\WINDOWS\\SYSTEM\\Macromed\\Flash\\flashplayer. xpt"
"ProductName"="Macromedia Flash Player"
"Vendor"="Macromedia"
"Description"="Macromedia Flash Player 8.0"
"Version"="8.0.22.0"

David H.

P.S.

Couldn't get to macromedia or adobe sites for some reason.

Right clicking on Flash animation (v.8) in FF would NOT give detailed ver. info, probably since macromedia.com was down ? What a PITA, can't even find out what version is running without dumping the registry or going to website :(

Seems there's a util to enable/disable Flash, getting tempted to install it.

davidh
May 19th, 2006, 08:06 AM
Looks like my ISP DNS is screwed up for a while. Can't get to adobe and macromedia sites, unless I go indirectly thru a LYNX server.

Downloaded and installed Flash 8.0.24 (I thought) from C/NET download.com, but not sure it really did anything. Installer gave no feedback to User Interface at all. Reg entry (at least the one I posted) showed no change in ver. #.

Probably will have to wait til my ISP DNS servers sync up, or whatever.

:(

David H.

Judy G. Russell
May 19th, 2006, 02:06 PM
Seems there's a util to enable/disable Flash, getting tempted to install it.It's called FlashBlock (http://flashblock.mozdev.org/) and it works very nicely.

ndebord
May 19th, 2006, 11:15 PM
It's called FlashBlock (http://flashblock.mozdev.org/) and it works very nicely.


Judy,

K-Meleon has a similar utility. I've got a button that says "KillFlash" and whenever I click on it, it kills the offending flash of the moment.

Flash seems to like to get its hooks into the system rarther more deeply than most.

davidh
May 20th, 2006, 03:12 AM
DNS was okay.

Subnet mask on ethernet adapter subnet entry in zone alarm had wrong value, was 255.0.0.0 should be 255.255.255.0.

Glitch apparently came in ZA because first octel of adobe IP is 192 , same as 192.168.x.x local subnet

Had to reinstall ZA cause ZA would not let me edit setting for active ethernet adapter.

David H.

davidh
May 20th, 2006, 11:57 AM
After I fixed my firewall so I could go to adobe.com, I tried to dl the 8.0.24 player for IE. No go. Just a lot of dl i/o but no update result. I think my player config in IE was already screwed up since the flash media did not seem to play right in the past anyway, compared to playing in FF.

So I tried dl the flash player uninstaller from adobe. It uninstalled flash player in IE *and* FF. I also verifed that it had deleted the NPSWF... whatever DLL. Deleted the REG entry I posted in this thread too.

Part of the difficulty to install flash into/thru IE may be that adobe does not seem to have a standalone installer, only installs thru IE, so maybe uses active-x to do install or something.

Then tried to reinstall flash player 8.0.24 in IE *again*. Same result, dl i/o, but no player, install failed (they say movie playing at end of dl means success, no move).

But install of 8.0.24 into FF went ok. They have a link to a flash movie that you click to verify the version number.

The link to flash player for IE at download.com was actually a link to the dl page on adboe site, even tho' the link at download.com said it was for 8.0.22.

BTW the successful install of flash player 8.0.24 for FF actually put the 1.3MB DLL NPSWF... in 3 times: in my old Netscape 4.8, in my old Mozilla 1.1, in FF 1.5.0.3.

So at least I think I'm rid of all the players on this pc with the critical bug. player does not work in my IE not since it's gone, but if I ever need it, it's in FF (whether I want it or not :( ). I do send American Greetings ecard free from Yahoo mail sometimes, so flash is not a total pain.

David H.

Judy G. Russell
May 20th, 2006, 01:27 PM
I wonder if you need to set your security/trusted zone stuff in IE in order to do this...?

davidh
May 20th, 2006, 03:41 PM
I wonder if you need to set your security/trusted zone stuff in IE in order to do this...?

I tried to force all IE settings back to defaults before d/l, but who knows ? I won't live long enough to ever find out and understand all the IE settings. Or almost any other configuration in computers any more :(

David H.

Judy G. Russell
May 20th, 2006, 03:48 PM
I won't live long enough to ever find out and understand all the IE settings.Much less will you want to understand IE!!

davidh
May 20th, 2006, 05:03 PM
I wonder if you need to set your security/trusted zone stuff in IE in order to do this...?

I searched google for "standalone installer" "flash player" and it gave me a match on a macromedia/adobe site. I downloaded the one it offered for IE and it installed 8.0.24. I made sure to reboot pc and turn off firewall before install in case it would be finicky.

I then right clicked on a flash image in IE on the american greetings ecard / yahoo email site and then I clicked on the "about" in the drop-down menu and it took me to adobe web site and forced me to download a stupid flash movie just so that I could verify that the version actually is 8.0.24 ( on dial up :( ).

I'm sure that there must be SOME worthwhile educational purpose for "flash", but I doubt "flash" can teach President Bush and the rest of us to speak sensible english.

David H.

Judy G. Russell
May 20th, 2006, 07:50 PM
Combine educational and entertainment values. Use flash to learn to hit a home run with a pengiun (http://n.ethz.ch/student/mkos/pinguin.swf). (Click the mouse to start the penguin dropping, then click again to take your swing!)

davidh
May 20th, 2006, 08:12 PM
the penguin dropping

For people with a dirty mind, like me, the word "falling" would sound better.

David H.

Judy G. Russell
May 20th, 2006, 10:06 PM
That's "droppings", not "dropping"!!!

davidh
May 21st, 2006, 08:21 AM
Well, my spelliling is not so good either.

Anyway, I haven't the courage yet to click the link. Hitting home runs and clicking mice sounds a little violent to me. And I think penguins and baby seals are cute, too.

David H.

Judy G. Russell
May 21st, 2006, 09:55 AM
Anyway, I haven't the courage yet to click the link. Hitting home runs and clicking mice sounds a little violent to me. And I think penguins and baby seals are cute, too.I don't think the penguin will mind. Really.

Jeff
May 21st, 2006, 01:03 PM
I don't think the penguin will mind. Really.

I sent it 209 yards(?) and it was still smiling.

- Jeff

Judy G. Russell
May 21st, 2006, 03:04 PM
I sent it 209 yards(?)Piker!