Ryosagi wrote: File: NPSWF32_31_0_0_122.dll
Path: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_31_0_0_122.dll
Version: 31.0.0.122
State: Enabled (STATE_VULNERABLE_UPDATE_AVAILABLE)
Shockwave Flash 31.0 r0
STATE_VULNERABLE_UPDATE_AVAILABLE means the plugin is in Block List.
However, blocked version is up to 30.0.0.113.
Latest {profile_dir}/blocklist.xml has
Code: Select all
<pluginItem blockID="832dc9ff-3314-4df2-abcf-7bd65a645371">
<match exp="(NPSWF32.*\.dll)|(NPSWF64.*\.dll)|(Flash\ Player\.plugin)" name="filename"/>
<infoURL>https://get.adobe.com/flashplayer/</infoURL>
<versionRange maxVersion="30.0.0.113" minVersion="0" severity="0" vulnerabilitystatus="1"/>
</pluginItem>
{profile_dir}/blocklist-plugins.json as well.
Code: Select all
{
"schema": 1536613346178,
"details": {
"bug": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490097",
"why": "Old versions of the Flash Player plugin have known vulnerabilities. All users are strongly recommended to check for updates <a href=\"https://get.adobe.com/flashplayer/\">on Adobe's Flash page</a>.",
"name": "Flash Player Plugin 30.0.0.113 and older (click-to-play)"
},
"enabled": true,
"infoURL": "https://get.adobe.com/flashplayer/",
"versionRange": [
{
"severity": 0,
"maxVersion": "30.0.0.113",
"minVersion": "0",
"vulnerabilityStatus": 1
}
],
"matchFilename": "(NPSWF32.*\\.dll)|(NPSWF64.*\\.dll)|(Flash\\ Player\\.plugin)",
"id": "832dc9ff-3314-4df2-abcf-7bd65a645371",
"last_modified": 1536613417349,
"_status": "synced"
},
So, 31.0.0.122 cannot be flagged as STATE_VULNERABLE_UPDATE_AVAILABLE in normal circumstances.