Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Flash Player plagued by third zero-day flaw in a month

02 Feb 2015   #1
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 
Flash Player plagued by third zero-day flaw in a month

Here we go again.....

Quote:
Adobe Systems warned users that hackers are exploiting another unpatched vulnerability in Flash Player—the third one in the past month—to infect computers with malware.

There are reports that the vulnerability is being actively exploited in drive-by-download attacks that target systems running Flash Player under Internet Explorer or Mozilla Firefox on Windows 8.1 and below, Adobe said in a security advisory published Monday.

The company plans to release Flash Player updates that will address the flaw later this week.

The vulnerability, which is tracked as CVE-2015-0313 in the Common Vulnerabilities and Exposures database, affects Flash Player on all supported platforms: Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Mac OS X; Adobe Flash Player 13.0.0.264 and earlier 13.x versions; and Adobe Flash Player 11.2.202.440 and earlier versions for Linux.
Flash Player plagued by third zero-day flaw in a month, but updates are coming | PCWorld


My System SpecsSystem Spec
.
02 Feb 2015   #2
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Again already?

I notice that the article mentions malvertising and ads with flash content. It also mentions "Click to Play"

So for Firefox users:

As for flash content I tend to use this FF add on in Cyberfox 64bit browser (no java enabled or even installed).

Restore Plugins Click To Play Per Element

It enables content only for the chosen element rather than the whole page. In the image shown below - if you click the "Allow Now" button it activates flash for the whole webpage/ website. If you click the green arrow "Activate Adobe Flash" - it's only activated for that element on the page/



There's a similar feature built into the version of Opera that I'm using and it doesn't require an add on to activate it. I can't comment on IE as I don't often use it except to say that I never found a way to selectively enable flash content in IE.

More info on configuration:

Uninstalled Adobe Flash Player - YouTube Still Works Fine
My System SpecsSystem Spec
02 Feb 2015   #3
Tookeri

Windows 7 Pro 32
 
 

First I thought this thread had to be a duplicate of the previous and newly reported Flash zero-day, but unfortunately I was wrong. On the upside, from what I've read the previous zero-day was blocked by both EMET and MBAE, so having one of those installed do make a difference.

Another good thing: I get to test once again how fast/slow Flash's auto-update is

Callender, good advice on Click-to-play. IE has Active-X filtering which works like on/off per site. After you enable Active-X filtering you have to turn if off per site.
You could also go to manage add-ons and doubleclick on Shockwave Flash to see what sites are approved for it to run.
My System SpecsSystem Spec
.

02 Feb 2015   #4
groze

W10 32 bit, XUbuntu 18.xx 64 bit
 
 

Unfortunately most movies/shows are in flash. I thought I would ask this over here instead. Can you still use flash in Google chrome? The reason flash is sand boxed in chrome and possibly in chromium as well.
My System SpecsSystem Spec
02 Feb 2015   #5
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

I believe in ie it manage add-ons and switch to Show- Run without permissions,
It's a shocking list
My System SpecsSystem Spec
02 Feb 2015   #6
Tookeri

Windows 7 Pro 32
 
 

I have Flash in that list, but I also have Active-X filtering enabled, so you can't trust that list. But I know I can trust the fact that Flash won't start automatically on a new site unless I first approve it.
My System SpecsSystem Spec
02 Feb 2015   #7
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

If the wording is correct I doubt active x filtering would matter,
Most would have to also be set in the player options too,
Run without permissions is pretty clear description
My System SpecsSystem Spec
.
02 Feb 2015   #8
Tookeri

Windows 7 Pro 32
 
 

Yes it's a pretty clear..... mistake by MS
My System SpecsSystem Spec
02 Feb 2015   #9
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

MS built in flash because users wanted it,
I didn't but other people not able to figure out how to make sure it's 1 downloaded 2 updated 3 enabled to watch their stupid little videos on many websites including youtube.

Got to give the morons what they want
My System SpecsSystem Spec
03 Feb 2015   #10
Tookeri

Windows 7 Pro 32
 
 

Found this advice for IE:

Enabling Click-to-Play for Flash in Internet Explorer

Click the gear icon on Internet Explorerís toolbar and select Manage Add-ons.
Select Toolbars and Extensions, and choose Show All add-ons. Locate the Shockwave Flash Object plugin under Adobe Systems Incorporated. Double-click on it, and then click Remove All Sites to remove the default * (which allows all websites to run Flash).
My System SpecsSystem Spec
Reply

 Flash Player plagued by third zero-day flaw in a month




Thread Tools




Similar help and support threads
Thread Forum
Emergency Flash Player patch fixes zero-day critical flaw
Emergency Flash Player patch fixes zero-day critical flaw | PCWorld
News
Users Remain Vulnerable to Flash Exploits After Upgrading Flash Player
Yet another reason to use an alternative to Adobe Reader.
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 07:08.
Twitter Facebook