flash install left part of old version behind

To:	nessus@list.nessus.org
Subject:	flash install left part of old version behind
From:	Bob Babcock <rbabcock@cfa.harvard.edu>
Date:	Mon, 13 Nov 2006 15:24:58 -0500 (EST)
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	nessus-list1@securepoint.com
Delivered-to:	nessus@list.nessus.org
List-archive:	<http://mail.nessus.org/pipermail/nessus>
List-help:	<mailto:nessus-request@list.nessus.org?subject=help>
List-id:	Discussion of Nessus software <nessus.list.nessus.org>
List-post:	<mailto:nessus@list.nessus.org>
List-subscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe:	<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
Reply-to:	rbabcock@cfa.harvard.edu
Sender:	nessus-bounces@list.nessus.org

To:

nessus@list.nessus.org

Subject:

flash install left part of old version behind

From:

Bob Babcock <rbabcock@cfa.harvard.edu>

Date:

Mon, 13 Nov 2006 15:24:58 -0500 (EST)

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

nessus-list1@securepoint.com

Delivered-to:

nessus@list.nessus.org

List-archive:

<http://mail.nessus.org/pipermail/nessus>

List-help:

<mailto:nessus-request@list.nessus.org?subject=help>

List-id:

Discussion of Nessus software <nessus.list.nessus.org>

List-post:

<mailto:nessus@list.nessus.org>

List-subscribe:

<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>

List-unsubscribe:

<http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>

Reply-to:

rbabcock@cfa.harvard.edu

Sender:

nessus-bounces@list.nessus.org

Scanning a win/xp machine with Windows Nessus, plugin 11952 says the flash
version is older than 7.0.19.0, but Shavlik says the version is 7.0.68.0.
Looking closer, I find
  flash7a.ocx  7.0.68.0
  flash.ocx    6.0.79.0
in \windows\system32\macromed\flash.  Looks like the install of version 7
didn't remove all of version 6 and the plugin is seeing the old version.
(I modified the plugin to display the version number and got 6.0.79.0.)
The registry entry at
HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\CurrentVersion says
7,0,68,0.  Unless there's some way the old, vulnerable flash can be
triggered, I think the plugin should ignore the old file.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

<Prev in Thread]	Current Thread	[Next in Thread>
flash install left part of old version behind, Bob Babcock <= Re: flash install left part of old version behind, George A. Theall

Previous by Date:	any news on profilesRe: Plugin 16192, Darko Gavrilovic
Next by Date:	Re: flash install left part of old version behind, George A. Theall
Previous by Thread:	Nessus 3 logging.., Paul Hanson
Next by Thread:	Re: flash install left part of old version behind, George A. Theall
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

any news on profilesRe: Plugin 16192, Darko Gavrilovic

Next by Date:

Re: flash install left part of old version behind, George A. Theall

Previous by Thread:

Nessus 3 logging.., Paul Hanson

Next by Thread:

Re: flash install left part of old version behind, George A. Theall

Indexes:

[Date] [Thread] [Top] [All Lists]