You need to be logged in to post in the forum - Log In
An active JCE Pro Subscription is required to post in the forum - Buy a Subscription
- Support
- Forum
- JCE Editor
- mediaplayer.swf virus ?
Support is currently Offline
Official support hours:
Monday To Friday
From 09:00 To 17:00 Europe/London (BST)
From 09:00 To 17:00 Europe/London (BST)
Please post your question in the Forum and we will get back to you as soon as we can.
Hi,
i just got a mail from my antivirus saying following:
components/com_jce/editor/libraries/mediaplayer/mediaplayer.swf: Swf.Exploit.CVE_2015_5548 FOUND
media/jce/mediaplayer/mediaplayer.swf: Swf.Exploit.CVE_2015_5548 FOUND
is this a false positive or is there a real security bug in thoose file ?
also i only find the one in component in the zip, is the one in media an old version that can safely be deleted or what ?
regards
Jesper
i just got a mail from my antivirus saying following:
components/com_jce/editor/libraries/mediaplayer/mediaplayer.swf: Swf.Exploit.CVE_2015_5548 FOUND
media/jce/mediaplayer/mediaplayer.swf: Swf.Exploit.CVE_2015_5548 FOUND
is this a false positive or is there a real security bug in thoose file ?
also i only find the one in component in the zip, is the one in media an old version that can safely be deleted or what ?
regards
Jesper
The mediaplayer.swf is actually Adobe's Strobe Media Playback player - https://blogs.adobe.com/osmf/2011/09/announcing-osmf-and-strobe-media-playback-1-6.html
Unfortunately it has not been updated for some time, and I have not been able to find a suitable alternative.
http://sourceforge.net/adobe/smp/home/Strobe%20Media%20Playback/
It is possible that given the number of vulnerabilities in Adobe Flash discovered recently, that this version of Strobe Media Playback does indeed contain one of these vulnerabilities, which is what the virus scanner is detecting.
The same version of Strobe Media Playback has been included in JCE for many previous releases, so I suspect that the reason the vulnerability is being discovered now is due to an update in the virus scanner definitions.
Please delete
and
I will release an update this week which will also remove and replace this file.
Unfortunately it has not been updated for some time, and I have not been able to find a suitable alternative.
http://sourceforge.net/adobe/smp/home/Strobe%20Media%20Playback/
It is possible that given the number of vulnerabilities in Adobe Flash discovered recently, that this version of Strobe Media Playback does indeed contain one of these vulnerabilities, which is what the virus scanner is detecting.
The same version of Strobe Media Playback has been included in JCE for many previous releases, so I suspect that the reason the vulnerability is being discovered now is due to an update in the virus scanner definitions.
Please delete
components/com_jce/editor/libraries/mediaplayer/mediaplayer.swf
and
media/jce/mediaplayer/mediaplayer.swf
I will release an update this week which will also remove and replace this file.
Just because you're not paranoid doesn't mean everybody isn't out to get you.
The mediaplayer.swf is actually Adobe's Strobe Media Playback player - https://blogs.adobe.com/osmf/2011/09/announcing-osmf-and-strobe-media-playback-1-6.html
Unfortunately it has not been updated for some time, and I have not been able to find a suitable alternative.
http://sourceforge.net/adobe/smp/home/Strobe%20Media%20Playback/
It is possible that given the number of vulnerabilities in Adobe Flash discovered recently, that this version of Strobe Media Playback does indeed contain one of these vulnerabilities, which is what the virus scanner is detecting.
The same version of Strobe Media Playback has been included in JCE for many previous releases, so I suspect that the reason the vulnerability is being discovered now is due to an update in the virus scanner definitions.
Please delete
and
I will release an update this week which will also remove and replace this file.
Unfortunately it has not been updated for some time, and I have not been able to find a suitable alternative.
http://sourceforge.net/adobe/smp/home/Strobe%20Media%20Playback/
It is possible that given the number of vulnerabilities in Adobe Flash discovered recently, that this version of Strobe Media Playback does indeed contain one of these vulnerabilities, which is what the virus scanner is detecting.
The same version of Strobe Media Playback has been included in JCE for many previous releases, so I suspect that the reason the vulnerability is being discovered now is due to an update in the virus scanner definitions.
Please delete
components/com_jce/editor/libraries/mediaplayer/mediaplayer.swf
and
media/jce/mediaplayer/mediaplayer.swf
I will release an update this week which will also remove and replace this file.
Just because you're not paranoid doesn't mean everybody isn't out to get you.
This appears to be relevant - http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Exploit:SWF/CVE-2014-0515
I would imagine that if you have the latest version of Adobe Flash installed (which you should!), then this would not be an issue, as the vulnerability is in Adobe Flash itself.
The following versions of Adobe Flash Player are vulnerable:
Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux
I would imagine that if you have the latest version of Adobe Flash installed (which you should!), then this would not be an issue, as the vulnerability is in Adobe Flash itself.
Just because you're not paranoid doesn't mean everybody isn't out to get you.
more than a month ago
·
#83537
Hi Ryan,
Here is the result on my servers :
FILE HIT LIST:
{CAV}Swf.Exploit.CVE_2015_5548 : /plugins/system/jcemediabox/mediaplayer/mediaplayer.swf
{CAV}Swf.Exploit.CVE_2015_5548 : /media/jce/mediaplayer/mediaplayer.swf
{CAV}Swf.Exploit.CVE_2015_5548 : /components/com_jce/editor/libraries/mediaplayer/mediaplayer.swf
===============================================
Linux Malware Detect v1.5 < This email address is being protected from spambots. You need JavaScript enabled to view it. >
_____
Alain
Here is the result on my servers :
FILE HIT LIST:
{CAV}Swf.Exploit.CVE_2015_5548 : /plugins/system/jcemediabox/mediaplayer/mediaplayer.swf
{CAV}Swf.Exploit.CVE_2015_5548 : /media/jce/mediaplayer/mediaplayer.swf
{CAV}Swf.Exploit.CVE_2015_5548 : /components/com_jce/editor/libraries/mediaplayer/mediaplayer.swf
===============================================
Linux Malware Detect v1.5 < This email address is being protected from spambots. You need JavaScript enabled to view it. >
_____
Alain
more than a month ago
·
#83540
So are we waiting for an update of JCE?
I also want to delete the files if there are possible exploits.
I also want to delete the files if there are possible exploits.
I also want to delete the files if there are possible exploits.
As I said in a previous post, I don't think the files are exploits in themselves, but may be vulnerable if you are running an old version of Adobe Flash.
You can delete the files manually for now, as instructed above.
As I need to provide an alternative for sites that are using the mediaplayer to play back flv and mp4 files, some work needs to be done before an update can be released.
Just because you're not paranoid doesn't mean everybody isn't out to get you.
I'm not 100% sure about this, but this appears to be a false positive, and the updated ClamAV database no longer detects Swf.Exploit.CVE_2015_5548 in mediaplayer.swf, using https://www.virustotal.com (when it did yesterday).
This discussion regarding Swf.Exploit.CVE_2015_5548 and ClamAV is relevant - http://www.gossamer-threads.com/lists/clamav/users/64797
I should also note here that ClamAV was the only virus detection engine on https://www.virustotal.com that detected Swf.Exploit.CVE_2015_5548 in the file.
Here is the analysis of the file run a few minutes ago - https://www.virustotal.com/en/file/470eb9677c0ee9161e4067f516899b8d86a21e2a07f37cc0b2136fc384887f43/analysis/1447924393/
This discussion regarding Swf.Exploit.CVE_2015_5548 and ClamAV is relevant - http://www.gossamer-threads.com/lists/clamav/users/64797
I should also note here that ClamAV was the only virus detection engine on https://www.virustotal.com that detected Swf.Exploit.CVE_2015_5548 in the file.
Here is the analysis of the file run a few minutes ago - https://www.virustotal.com/en/file/470eb9677c0ee9161e4067f516899b8d86a21e2a07f37cc0b2136fc384887f43/analysis/1447924393/
Just because you're not paranoid doesn't mean everybody isn't out to get you.
Hi Ryan
As a point if interest: the only time I have been getting the virus message, was on new sites where I wanted to install the editor - it just wouldn't let me!
I had to extract the file, delete the mediaplayer in
rezip the file and then I could install it. So for new sites, that's the only way I found.
The same thing with the mediabox plugin at
Tiresome.
Hope that helps someone
Regards
As a point if interest: the only time I have been getting the virus message, was on new sites where I wanted to install the editor - it just wouldn't let me!
I had to extract the file, delete the mediaplayer in
components/com_jce/editor/libraries/mediaplayer/mediaplayer.swf
rezip the file and then I could install it. So for new sites, that's the only way I found.
The same thing with the mediabox plugin at
plugins/system/jcemediabox/mediaplayer/mediaplayer.swf
Tiresome.
Hope that helps someone
Regards
This appears to be a false positive anyway, as the latest ClamAV update does not flag it - https://www.virustotal.com/en/file/470eb9677c0ee9161e4067f516899b8d86a21e2a07f37cc0b2136fc384887f43/analysis/1447924393/
Ask you host to update the ClamAV definitions list.
Ask you host to update the ClamAV definitions list.
Just because you're not paranoid doesn't mean everybody isn't out to get you.
it was a false positive.
See here the answer from the hoster in german: http://www.joomlaportal.de/joomla-3-x-sicherheit/322982-virus-fund-mediaplayer-swf-de-jce.html#post1607639
See here the answer from the hoster in german: http://www.joomlaportal.de/joomla-3-x-sicherheit/322982-virus-fund-mediaplayer-swf-de-jce.html#post1607639
- Page :
- 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
Be one of the first to reply to this post!