Umesh,
CVA still does not detect the vulnerable flash.ocx that is installed default with Windows.
This is not a normal install but shipped with Windows, even brought back to the system when installing SP3.
The browser loads this vulnerable flash version, yet CVA does not report it probably because there is not install/uninstall information available.
Is it possible to check these kind of vulnerabilities also ?
Also .NET and MDAC don't get detected.
[attachment deleted by admin]