Re: XP SP3 Installs Older, Vulnerable Version of Flash Player

["Larry Seltzer" <larry () larryseltzer com>]

I'm pretty sure it's just the ActiveX. The advisory
(http://www.microsoft.com/technet/security/Bulletin/MS06-069.mspx) says,
among other things, "This security update installs Flash6.ocx version
6.0.88.0and removes the version of Flash.ocx it is replacing" and makes
no mention of plugins

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Jeff Kell
Sent: Monday, June 02, 2008 6:57 PM
To: funsec () linuxbox org
Subject: Re: [funsec] XP SP3 Installs Older,Vulnerable Version of Flash
Player

Dave Nelson wrote:
> IIRC Microsoft's reasoning for not shipping SP3 with a newer version
was 
> that their license for flash only covered the older version that they 
> include in the update.

Does it reinstall the older ActiveX, the older plugin [e.g., Firefox], 
or both?

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.