Adobe Flash Player 10.3.181.34

Whenever I'm putting flash on a computer initially (after a reformat or whatever) I just go to Youtube and try to watch a video. It tells me, "hey stupid, you need this plugin"... then quickly downloads & installs it. It takes like 10 seconds. Reboot Firefox... done. I'll never go to Adobe's website to do it again.

Then every once in awhile I get a message after rebooting that there's an update for it, so I install it, then reboot again. I never uninstall the old version first and have never encountered a problem.

I do like that there's a button for it in the control panel now so you can change your settings there instead of through the webpage. That was long overdue.

 

How does this happen?

I download the latest/current Flash installers (let's assume for both IE and 'other browsers', since you didn't specify anything). I run those installers in a 'pound on top' fashion.
I then go to Adobe's 'test the player' website, which verifies the version I just installed is current and working. (Am I now able to view videos at YouTube, btw? It appears I'm supposed to be.)

I can view videos, Adobe's tester page gives me a 'thumbs up' on the new version-- yet I'm still 'vulnerable'? (That is, aside from the fact that I remain permanently vulnerable through the mere act of installing and enabling any Flash video version plugin on my machine to begin with.)

How can I still be vulnerable, and what is Securia flagging?

 

I'm not sure if it's still relevant but it used to flag the old ocx file found in your Windows\System32\Macromed\Flash folder (or Windows\SysWOW64 on Win x64 as KFBeaker pointed out earlier). Every other file was replaced (or removed) *except* the old ocx file (e.g., Flash9c.ocx) and that file is what Secunia flagged as vulnerable. Perhaps those nice folks at Adobe (finally) found a way to get that old ocx file removed when a user upgrades to a new version.

 

Take a look at post#23
http://kb2.adobe.com/cps/141/tn_14157.html?promoid=DNRTE

Bo

 

"Secunia Scan Results

1. Why are there so many detected files for program X?
Frequently when installing newer versions of a program, the vendor-provided installer/updater will occasionally not remove older versions of a program, and simply leave them on your hard-drive. These programs will typically not be shown in Add/Remove on the control panel either.

The PSI will group multiple detections of the same program together into one instance, and will rate the program's overall security based on the whether or not an up-to-date installation is present. The leftover files are known as 'zombie files'. " http://secunia.com/vulnerability_scanning/personal/faq/#q1

... when one not had the chance to update a product in a while, you should uninstall first then re-install ... especially when dealing with browser plugins.

 

Right, that's what I figured was going on.

I don't remember if I've ever had Flash leave an old file behind or not. I know I always check.
Maybe it has something to do with installing it thru IE rather than running the full installer from the machine. I always run the full installer, which, btw, itself always runs an uninstaller prior to the install.

Regardless, as that link from Securia says, it's a "zombie file". Nothing in the registry points to it for execution. If it can't execute, it's got no life, therefore isn't really a threat. It's just a left-over file.

What post #23? That link sends me to the instruction page on how to uninstall Flash.

 

Seems so......just check your install log file; the following appears in mine:

...
0005 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2...

...
0002 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2...

 

Yes, that's the one. Thanks for the link.