Adobe Flash Player “insecure,” says Secunia repeatedly

Hello again to all. I have a question about Secunia Online Software Inspector’s readings of my system. (Actually, I suspect my fundamental problem lies with my using Google Chrome, but I’m trying to isolate my various glitches, so for now I’ll just ask about these Secunia readings.)

I am running Windows XP Home Edition SP 3. As I said, my browser is Chrome.

About an hour ago I ran a Secunia scan. It reported that I had three insecure programs on my system, all of them Adobe Flash Player. All of them could supposedly be fixed by downloading Flash Player version 11.4.402.265 (ActiveX).

Well, I did more than download the new version. I went in with Revo Uninstaller (for which I thank again the fine folks here at MG) and pulled out Adobe Flash Player and Shockwave Flash. I then went to the Adobe site and downloaded the new version of Flash Player. Then I restarted the machine.

First thing I did (after finally getting Chrome to load, and that’s another story) was to run Secunia again. And what did it report??? The same “insecurities” it had come up with in the first place! Here’s a slightly pared-down version of what it said:

1. Adobe Flash Player 11.x 11.4.402.257 (ActiveX)
This installation of Adobe Flash Player 11.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 11.4.402.257 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 11.4.402.265 (ActiveX).

Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash32_11_4_402_257.ocx


2. Adobe Flash Player 11.x 11.4.402.259 (ActiveX)
This installation of Adobe Flash Player 11.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 11.4.402.259 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 11.4.402.265 (ActiveX).

Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash32_11_4_402_259.ocx


3. Adobe Flash Player 11.x 11.3.300.270 (ActiveX)
This installation of Adobe Flash Player 11.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 11.3.300.270 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 11.4.402.265 (ActiveX).

Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash32_11_3_300_270.ocx


My basic question is why, after I got rid of the old versions and installed the new version and restarted the system, why should I end up with the same results as before?

A second question is: If I installed one version only of Flash Player, why should Secunia report that I have three different versions installed in three different places?

A related question, a mystery really, has to do with Secunia’s behavior with different browsers. Several days ago I ran the Secunia inspector under Firefox, and it said I had no insecure installations. Right after that I ran it with Chrome, and it reported seven insecure versions, including an old installation of Firefox, one old installation of Adobe Reader, and five different versions of Flash Player. Does anyone have any idea of why it would respond so differently to the two browsers??

As I said, I suspect my basic problem lies with Chrome. But right now I’d like to know what’s going on with Secunia, if anyone has any ideas.

Thank you all again.

Hope

 

This was an old problem with Adobe Flash (I had it) where the old .ocx files were not being deleted during an update but it was supposed to be fixed with the new Adobe Flash installer.

Download and run the Adobe Flash Player Uninstaller
Restart your computer
Run the Secunia scan again to see if it still reports the problems.

If it does, launch Windows Explorer and follow the path that Secunia provided:
C:\WINDOWS\SYSTEM32\Macromed\Flash
In the folder you will probably find those .ocx files Secunia reported, delete them. Also delete anything else that might be in that folder because they shouldn't be there if you have completely uninstalled Adobe Flash
If the .ocx files do not exist in that folder then I don't know what the problem is now.

Install the latest version of Adobe Flash
Run the Secunia scan again to see if all is good

 

The latest Flash Player version is 11.4.402.278

 

Thanks, MadMal. I followed your instructions and then reran the Secunia scan. This time it came back with only two insecure versions, at 32_11_3_300_270.ocx and at 32_11_4_402_257.ocx.

Sure enough, the Macromed folder did contain those two .ocx files, plus several others -- including, amazingly, a file that looks like the real latest version of Flash.

I will delete the .ocx files, but may I run the others past you to make sure I'm not deleting anything I shouldn't? Here's the list of the folder contents:

270.ocx
257.ocx
FlashInstall.log
genuinst.exe
KB923789.inf
mms.cfg
NPSWF32_11_4_402_278.dll

Is there anything here I should leave? Should I leave in this last file, thinking it might be the latest version of Flash, or just wipe the whole folder and start fresh? Thanks for your advice.

And pwillener, I'm glad you reminded me about the latest version of Flash:

Strangely, even after I ran the Secunia scan again this morning and it reported those two remaining .ocx files I mentioned above, it still kept insisting that the newest version is 11.4.402.265. Why would that be?

Thank you both again. Gee, maybe if I get this problem straightened out it will help improve Chrome too.

Hope

 

Yes, thanks, plodr. I do have two other versions of Flash that, thanks to advice here at MG, I keep disabled. I rely on the Macromedia version (which of course I won't have again until I reinstall Flash Player.

Hope

 

I also have Windows XP Home Edition SP 3 but my browser is FireFox
Looking at my screenshot below and you will see the contents of my Macromed folder is different to yours especially KB923789.inf this looks like a Windows security update which I don't have but maybe I should.
The differences might be just because of Chrome but to be safe I don't think you should delete anything except the extra .ocx files until one of the security experts here has a look and comments on it.

 

OK, thank you very much, MadMal. I do appreciate your looking over my list. I will get rid of the two .ocx files and check in later to see if anyone has other comments. Again, you've been very helpful.

Hope

 

If you have run the Flash Player Uninstaller, all old files should be gone. If not, they may have been in use, and they will be gone after the next reboot.

 

Thanks, pwillener. I did use the Flash Player Uninstaller, and the files that remained are the ones I listed above. I manually deleted the .ocx files and rebooted, then rebooted a second time. I've still got that same list in the Macromed folder (minus the .ocx files, of course), as follows:

FlashInstall.log
genuinst.exe
KB923789.inf
mms.cfg
NPSWF32_11_4_402_278.dll

Turns out genuinst.exe and KB923789.inf have been in there since 2006, but the other three date to various times this year.

MadMal suggested that KB923789.inf could be a security update, and so it is: When I looked it up I saw it described as a "critical security update for Windows XP [that] addresses vulnerabilities in the Macromedia Flash Player from Adobe that could allow remote code execution." So I guess I should keep it. (???)

The other 2006 entry, genuinst, is some kind of generic uninstaller. I suppose there'd be no harm in getting rid of that.

About the others I have no idea. The discussions I've seen online of NPSWF32etcetc are just so technical I can't even begin to figure out what this thing is.

But the bottom line, I gather, is that it's best to have nothing in the Macromed folder other than files from the most recent update of Flash. Right?

Thanks again.
Hope

 

You can safely delete genuinst.exe and KB923789.inf - they are both from a very old Flash Player version.

FlashInstall.log is the install log file; useful if the installation fails. Otherwise you can delete it (if you wish).

mms.cfg contains various Flash Player options, e.g. regarding auto-update.

NPSWF32_11_4_402_278.dll is the actual Flash Player plugin for Firefox and other non-IE browsers.

If you do use Internet Explorer, then you need to install the latest ocx file; you can download the installer from http://helpx.adobe.com/content/help...ms-flash-player-windows.html#main-pars_header

 

P.S. if you only use Chrome, then you don't need any of this; as plodr has indicated earlier, Chrome comes bundled with Flash Player, so you don't need to install the plugin or ocx. Run the Flash Player uninstaller, then delete anything that remains in that folder.

 

OK, pwillener, I've removed everything from the folder. Things are working OK so far. Thanks so much.

I'm really astonished to realize that I've been working the Flash-bundled Chrome conundrum exactly backward, disabling the two Flash versions that came with Chrome and enabling only the external Macromedia version. We'll see how this works out.

Thank you again.

Hope