Flash Player

5,240 bytes removed, 10:34, 25 August 2009
Updated Flash 10 section, rewrote Flash 9 section to reflect v 9.0.246.0 release which fixes clickjacking vuln
<source lang="xml">
id="flashplayer_ie"
name="Adobe Flash Player 10 for IE"
revision="20090725"
reboot="false"
priority="10">
id="flashplayer_mozilla"
name="Adobe Flash Player 10 for Mozilla/Opera"
revision="20090725"
reboot="false"
priority="10">
</source>
== Disable Automatic Update dialog in Adobe Flash Player 10 (and 9) ==
It seems that Flash checks in with the mother ship (Adobe) at regular intervals to see whether an update is available. If so, it presents the user with a dialog asking whether they want to upgrade Flash to the latest version, which is not what we want when the software is managed by WPKG. To prevent this from happening, you can do the following:
* create a file named "mms.cfg" (if you don't already have it for other flash settings)
* add an entry in this file: AutoUpdateDisable=1
* this file now has to be added to the FlashPlayer installation directory during the install of the package. You can do this by just plain copying the file into that directory. Add the next lines to your Flash package:
Right after the installation:
Or you could create a separate package for this setting.
Note: This file will prevent current and older versions of Flash from auto-updating.

== Adobe Flash Player security settings for "Clickjacking" vulnerability (APSA08-08) ==
Until the next version of Flash Player is available, you are strongly encouraged to apply the following settings for security reasons: http://www.adobe.com/support/security/advisories/apsa08-08.html.

According to the bulletin and to the "Adobe Flash Player Administration Guide" (you find the link in the same security bulletin):
* create a file named "mms.cfg"
* write in this file the lines containing the "ParameterName = ParameterValue" pairs you need, "AVHardwareDisable = 1" in this APSA08-08 case
* deploy it with the following WPKG package
<source lang="xml">
<package id="flash-settings" name="Adobe Flash Player settings for APSA08-08 vulnerability" revision="1" reboot="false" priority="0" execute="once">
<install cmd='%COMSPEC% /c copy /Y "%SOFTWARE%\Flash\settings\mms.cfg" "%WINDIR%\system32\Macromed\Flash\"' />
</package>
</source>
Or you could just integrate this line with the installation packages above, if you do not want to keep it as a separate package.
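Both mms.cfg procedures above copy a prepared file over whatever is already in the Flash directory, so a machine that needs AutoUpdateDisable as well as AVHardwareDisable, or that already carries other settings, can silently lose entries. The following Python example is added here as an illustration (it is not part of the original wiki page or of WPKG): it merges the required pairs into existing mms.cfg text and reports which ones are missing. Treating "#" as a comment marker, comparing names case-insensitively, and the ExistingSiteSetting entry in the sample are assumptions of the example.

```python
# Added example: merge required settings into mms.cfg text without
# discarding entries that are already there.
REQUIRED = {"AutoUpdateDisable": "1", "AVHardwareDisable": "1"}

def parse_line(line):
    """Return (name, value) for a 'Name = Value' line, else None."""
    body = line.split("#", 1)[0].strip()    # assumption: '#' starts a comment
    if "=" not in body:
        return None
    name, value = body.split("=", 1)
    return name.strip(), value.strip()

def merge_mms_cfg(text, required=REQUIRED):
    """Return cfg text in which every required pair is set exactly once."""
    wanted = {k.lower(): (k, v) for k, v in required.items()}
    out, seen = [], set()
    for line in text.splitlines():
        pair = parse_line(line)
        key = pair[0].lower() if pair else None
        if key in wanted:
            if key not in seen:             # rewrite the first occurrence
                out.append("%s=%s" % wanted[key])
                seen.add(key)
            continue                        # drop conflicting duplicates
        out.append(line)                    # keep unrelated lines untouched
    for key, (name, value) in wanted.items():
        if key not in seen:
            out.append("%s=%s" % (name, value))
    return "\r\n".join(out) + "\r\n"

def missing_settings(text, required=REQUIRED):
    """Required names that are absent or set to any other value."""
    found = {}
    for line in text.splitlines():
        pair = parse_line(line)
        if pair:
            found.setdefault(pair[0].lower(), set()).add(pair[1])
    return sorted(k for k, v in required.items() if found.get(k.lower()) != {v})

# Constructed sample: ExistingSiteSetting is a placeholder name, not a real key.
SAMPLE = "# constructed sample\nAutoUpdateDisable = 0\nExistingSiteSetting = 1\n"

if __name__ == "__main__":
    print(missing_settings(SAMPLE))
    print(merge_mms_cfg(SAMPLE))
```

Running the merge on the master copy under %SOFTWARE% before WPKG distributes it keeps a single file that carries every setting the packages expect.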
== Older versions ==
=== Adobe Flash Player 9.0.246.0 for Firefox ===
You are encouraged to upgrade for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-11.html and [http://www.adobe.com/support/security/advisories/apsa08-08.html the click-jacking vulnerability] are both addressed in this update. It can be downloaded from [http://kb2.adobe.com/cps/406/kb406791.html here].
Installer packaged as an executable, installs as a plugin. Sometimes it is upgraded only on the second run of wpkg; it must be a timing issue between installing over the previous version and checking conditions.
<source lang="xml">
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
<depends package-id="firefox"/>
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.246.0"/>
<install cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
<upgrade cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
</package>
</source>
=== Adobe Flash Player 9.0.246.0 for Internet Explorer ===
The same reasons for upgrading apply as for the plugin version above, and it can be downloaded from the same place. It is packaged as a .exe file, so presumably has the same installation/removal/upgrade syntax as the plugin version above, but the following code has not been tested.
<source lang="xml">
<package id="flashplayeractivex" name="Adobe ActiveX Flash Player for Internet Explorer" revision="20090730" reboot="false" priority="0">
<check type="logical" condition="and">
<check type="file" condition="versionequalto" path="%SYSTEMROOT%\system32\Macromed\Flash\Flash9c.ocx" value="9.0.246.0"/>
<check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
</check>
<install cmd='%SOFTWARE%\Flash\install_flash_player_ax.exe /S'>
<exit code="3010" reboot="true" />
</install>
<upgrade cmd='%SOFTWARE%\Flash\install_flash_player_ax.exe /S'>
<exit code="3010" reboot="true" />
</upgrade>
<remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" /S'/>
</package>
</source>
 
=== Adobe Flash Player 9.0.115.0 for Firefox ===
 
Installer packaged as an executable, installs as a plugin.
 
<source lang="xml">
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
<depends package-id="firefox"/>
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.115.0"/>
<install cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<upgrade cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
</package>
</source>
 
=== Adobe Flash Player 9.0.115.0 for Internet Explorer ===
 
Installer packaged as .msi, installs as an ActiveX. The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
 
<source lang="xml">
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
<check type="logical" condition="and">
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9e.ocx" value="9.0.115.0"/>
<check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
</check>
<install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</install>
<upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</upgrade>
<remove cmd='MsiExec.exe /qn /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}'/>
</package>
</source>
 
=== Adobe Flash Player 9.0.47.0 for Firefox ===
 
Installer packaged as an executable, installs as a plugin. Didn't test if the uninstall_plugin.exe in the remove line removes both this and Internet Explorer Flash Player ActiveX.
 
<source lang="xml">
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
<depends package-id="firefox"/>
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.47.0"/>
<install cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<upgrade cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
</package>
</source>
 
=== Adobe Flash Player 9.0.47.0 for Internet Explorer ===
 
Installer packaged as .msi, installs as an ActiveX. The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
 
<source lang="xml">
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
<check type="logical" condition="and">
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9d.ocx" value="9.0.47.0"/>
<check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
</check>
<install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</install>
<upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</upgrade>
<remove cmd='MsiExec.exe /qn /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}'/>
</package>
</source>
 
[[category:Silent Installers]]
[[category:Security Advisories]]