Hi @ll, almost a year ago I wrote in <http://seclists.org/fulldisclosure/2013/Jul/89> about the vulnerable NPSWF32.DLL and MSVC*.DLL installed with Adobe Reader XI.
Others wrote about the vulnerable NPSWF32.DLL before, cf. <http://secunia.com/community/forum/thread/show/13396/adobe_reader_xi_comes_with_old_flash_library> | After installing Adobe Reader XI there is an NPSWF32.dll in the subdirectory | of the Reader. <http://secunia.com/community/forum/thread/show/2502/adobe_flash_player_9_x_general_plug_in> | Thanks.I calmed PSI by simply deleting two dll files, both called NPSWF. | One was buried deep down in Adobe Premier Elements 4. Since Adobe Reader doesnt use the vulnerable NPSWF32.DLL at all (see <http://helpx.adobe.com/acrobat/using/flash-player-needed-acrobat-reader.html>; money qoute: "Adobe Reader and Acrobat no longer include Flash Player") you may ask yourself: why not put this unused gift into good use? JFTR: about 6 months before the release of Adobe Reader XI Adobe published the following "Background on Security Bulletin APSB12-08" <http://blogs.adobe.com/security/2012/04/background-on-security-bulletin-apsb12-08.html> Here's the "howto", in five easy steps: Step 1: determine the path of the NPSWF32.DLL on your Windows installation (on 32-bit systems, Adobe Reader is installed below "C:\Program Files\Adobe", and below "C:\Program Files (x86)\Adobe" on 64-bit systems). Step 2: start the Windows Editor and paste the 4 lines between the markers: --- >% --- %< --- REGEDIT4 [HKEY_CURRENT_USER\Software\MozillaPlugins\@adobe.com/FlashPlayer] "Path"="C:\\Program Files\\Adobe\\Reader 11.0\\Reader\\npswf32.dll" --- >% --- %< --- Step 3: if necessary correct the path in the last line to resemble the path determined in step 1. Step 4: save the file as "NPSWF32.REG" and close the editor. Step 5: open the NPSWF32.DLL and import it into your registry. Now (re)start your NPAPI-compatible web browser (Firefox, Seamonkey, Opera, Safari, ...) and enter the URL <about:plugins>: you'll see a flash player plugin version 11.5.502.110 listed there (if you see flash player plugin version 11.4.402.265 then your Adobe Reader XI is missing all 7 security updates). regards Stefan Kanthak PS: to undo the damage exit the web browser and import the following *.REG: --- >% --- %< --- REGEDIT4 [-HKEY_CURRENT_USER\Software\MozillaPlugins\@adobe.com/FlashPlayer] --- >% --- %< --- _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
