Participant
August 4, 2013
Question

Flash Player 11.8.800.94 Critical Vulnerability


Greetings.

To my horror I just discovered on our webpages, with Flash Player enabled in the latest versions of IE and Firefox that at our commercial website (supremefulvic.com) advertising links are randomly being added to words on our webpage!!!! Through our hosting provider tech support I discovered that Flash Player 11.8.800.94 was the culprit. I disabled the Flash Player add-ons and all of the intrusive ad-links disappeared. I then enabled Flash Player and all of the abusive unwanted ad-links re-appeared. Please research ASAP as I believe Flash Player has a vulnerability. This is absolutely abuse from Flash Player.

Thank you in advance.

Bill Galkowski, chief operating manager / web developer

Supreme Fulvic, LLC

www.supremefulvic.com


    1 reply

    C_F_McBlob
    Inspiring
    August 5, 2013

    Bill,

    Here's the problem with your assertion. Flash Player on a visitor's computer has NOTHING AT ALL to do with:

    the security of your website,

    its Flash content or

    the code used to embed Flash objects in your pages.

    That theory (Flash Player is causing unwanted ads to appear on your website) is essentially like saying someone's DVD player at home is putting posters up in your video store.

    Flash Player (on someone's computer) can ONLY play the content you have embedded into your site, and at most, return cookies, or... if you have cam chat employed in your site, video data - but then you'd be responsible for restricting what comes in from visitors.

    Your hosting tech support people are grossly mistaken if they believe that a player plugin on someone's computer can "magically" place unwanted content on your site.
    I don't see any "rogue content" in your HTML code, and I don't see anything out of the ordinary in Firefox, Opera, Chrome or Safari.

    Can you provide a screenshot of one of these "unwanted ads"?

    Participant
    August 5, 2013

    Shockwave Flash add-on is what the software is, not Flash Player, my mistake, sorry. Anyway, I discovered what the problem was. When I downloaded and installed Shockwave Flash a day or so ago somehow along with the Shockwave Flash installation some type of ad software was coupled with the download and it got inadvertently installed on my computer. I am always very cautious when installing software so as NOT to install anything other than what I specifically want to install. That ad software was integrated into my browsers with Shockwave Flash, and that ad software, through the browser using Shockwave Flash was targeting various keywords on all of the webpages I viewed with the browsers. When I disabled Shockwave Flash the hyperlinks no longer appeared on the various keywords, and when I re-enabled Shockwave Flash the keywords were again turned into ad links. After my initial post here I did some more research and in one of the forums someone mentioned to check the installed programs through the Windows control panel and see if any type of ad software was installed. Well, I did check, and I discovered an installation of some type of ad software and I uninstalled it. My bad for not writing down the name of that software, and I humbly apologize for not doing so. After I uninstalled it those links did not appear on any of the web pages I visited. So, the problem was not Shockwave Flash, rather, it was that software that was USING Shockwave Flash to carry out its mission. So, if anyone else discovers those ad links appearing in their web pages they need to check the installed programs and see if any type of ad software is installed, then if it is there, uninstall it.

    By the way, thank you C F McBlob for your response.

    C_F_McBlob
    Inspiring
    August 5, 2013

    Bill_Galkowski wrote:

    So, if anyone else discovers those ad links appearing in their web pages they need to check the installed programs and see if any type of ad software is installed, then if it is there, uninstall it.

    Lesson from this:

    DO NOT install Flash Player, Shockwave, or ANY "video player updates" from ANYWHERE but the developer's website.

    I fix about ten systems a month that are totally taken hostage by so-called "video updaters" from unscrupulous sites.

    And FWIW...

    Those links ARE NOT and WERE NOT on your site. I know. I looked at your source code. The ad software that hijacked your browser was creating them based on script it placed on your system in your browsers.