navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Acrobat Pro 9.4.7.8 shows as insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Acrobat 9.x

This thread has been marked as locked.
asonzogni Acrobat Pro 9.4.7.8 shows as insecure
Member 20th Dec, 2011 21:59
Ranking: 0
Posts: 2
User Since: 20th Dec, 2011
System Score: N/A
Location: US
A scan revealed this message

"This program was detected as Insecure, it is strongly recommended that you apply the latest security patch from the vendor of the program.

The version detected of Adobe Acrobat 9.x was 9.4.7.8 while the latest version including one or more security fixes is 9.4.7."



As you can see I am at 9.4.7.8 and your own product says I am higher then what it considers a problem, yet it is still flagged on followup scans.

9.4.7.8 is the latest update from Adobe, and when I run the updater inside Acrobat it is listed as up to date, so hopefully you folks can provide soem insight to this matter.

Thanks you for your time and attention,
Adam

floyd413 RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 21st Dec, 2011 19:10
Score: 3
Posts: 11
User Since: 10th Nov 2011
System Score: N/A
Location: US
I agree. There is something funny with the version numbers it detects as secure for instance here is a screen shot of my csi console http://www.mediafire.com/?g6l6fy3r3znb7pr
9.4.7.8 is insecure along with 9.3.0 , but when we get to 9.4.5 it is marked as patched. I believe the manufacturers recommendation is upgrade to 9.4.7 so why the difference here?
Was this reply relevant?
+0
-0
videoguy RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 21st Dec, 2011 20:44
Score: 0
Posts: 1
User Since: 18th Mar 2011
System Score: N/A
Location: US
I am having the same problem.

--
vidiat
Was this reply relevant?
+0
-0
thorgull RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 23rd Dec, 2011 09:33
Score: 1
Posts: 3
User Since: 23rd Aug 2010
System Score: N/A
Location: NL
I also had the same, but try to click on "Install solution" from PSI, instead of using the "Check updates" button from acrobat that does not flag any update.

After installing the downloaded package, Acrobat will show version number 9.4.7 but PSI will show version number 9.4.7.11, > 9.4.7.8
Was this reply relevant?
+0
-0
asonzogni RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 23rd Dec, 2011 18:24
Score: 0
Posts: 2
User Since: 20th Dec 2011
System Score: N/A
Location: US
Thorgull,

I used the Secunia path to the patch also with no change in results. I even tried it again today and I am still at 9.4.7.8.

Any other ideas?
Was this reply relevant?
+0
-0
Anselm RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 30th Dec, 2011 10:40
Score: 7
Posts: 38
User Since: 7th Jul 2008
System Score: N/A
Location: DE
I don't understand the PSI messages regarding Acobe Acrobat 9.x:

Detected version: 9.4.7.8
Latest Version - patching one or more vulnerabilities: 9.4.7

9.4.7 is higher than 9.4.7.8?

My Adobe Acrobat shows version 9.4.7.
Checking for updates Adobe Acrobat shows: "No updates available"

And now?

Regards, Anselm

--
Secunia PSI 3.0
Windows 7 Professional 64 Bit SP1
Intel Core i5-2430M CPU 2.4 GHz 8 GB RAM
Was this reply relevant?
+0
-0
dguzman_csi RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 30th Dec, 2011 20:56
Score: 0
Posts: 9
User Since: 31st Mar 2011
System Score: N/A
Location: US
Same here.

Secunia CSI says 9.4.7.8 is insecure, update to 9.4.7.11, but Acrobate says no update available, and the Package creator thing in Secunia won't let me create an update package for it either.
Was this reply relevant?
+0
-0
mogs RE: Acrobat Pro 9.4.7.8 shows as insecure
Expert Contributor 30th Dec, 2011 23:09
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Found the following info. here :-
http://www.adobe.com/support/downloads/detail.jsp?... Adobe Acrobat 9.4.7 Pro, Pro Extended, Standard update - All languages

This update provides mitigation for security issues. For more detail, see the Release Notes.

This is an out of cycle security update for all languages listed in the Release Notes (the update can be applied to any language version).

FILE INFORMATION
Product Acrobat
Version 9.4.7
Platform Windows
File Name AcrobatUpd947_all_incr.msp
File Size 4.5MB
Proceed to Download


SYSTEM REQUIREMENTS

This release supports most of the base system requirements for Acrobat 9.x. Requirements may change for each release. For a list of support that has been added and dropped for each dot release, refer to the Release Notes.

INSTALLATION INSTRUCTIONS

This update requires that Adobe Acrobat 9.4.6 is installed on your system. To determine which version you have currently installed, choose Help > About Adobe Acrobat. After verifying that you have the requisite version installed, download the update file and double-click it to begin the update process.


It would therefore appear that it can only be accessed as an incremental patch if already using 9.4.6

Hope it's of some help...........



--
Was this reply relevant?
+1
-0
sbeckstrand RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 31st Dec, 2011 04:22
Score: 1
Posts: 7
User Since: 7th Nov 2011
System Score: N/A
Location: US
I used the same link and file and it updated me to 9.4.7.8. There was no .11
Was this reply relevant?
+0
-0
mogs RE: Acrobat Pro 9.4.7.8 shows as insecure
Expert Contributor 31st Dec, 2011 09:00
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@sbeckstrand
I've taken the following from your post in Vulnerabilities :-

29th Dec, 2011 21:14
Score: 0
Posts: 4
User Since: 7th Nov 2011
System Score: N/A
Location: US
Last edited on 29th Dec, 2011 21:14 Upgraded to 9.4.7.8 however Secunia still reports the problem and the solution is the same update as already applied. 9.4.7.8 is the latest update from Adobe and repeated installations do nothing to help the problem.


Are you saying that you've repeatedly reverted to 9.4.6 in order to try to update to 9.4.7 ?

--
Was this reply relevant?
+1
-0
sbeckstrand RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 31st Dec, 2011 21:29
Score: 1
Posts: 7
User Since: 7th Nov 2011
System Score: N/A
Location: US
No. That is not what I indicated. I tried the link from Secunia multiple times, since it kept reporting my version as out of date and dangerous, but nothing was ever updated past 9.4.7.8. So then I went into the Adobe sight and looked for the latest update there, in case the locations were different. That file was the same update and again would not update past .8.

The update from Adobe was valid for all 9.x versions.
Was this reply relevant?
+0
-0
mogs RE: Acrobat Pro 9.4.7.8 shows as insecure
Expert Contributor 31st Dec, 2011 23:08
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@sbeckstrand

I'm sorry....I don't find your post very clear reading.....Have you at any time tried the method outlined/instructed in my post above : to patch incrementally from 9.4.6 to 9.4.7 ?
I don't use these Adobe products, but it does appear from my reading that 9.4.7 is what psi is looking for....and is the latest out of band secure update from Adobe.

I do hope I'm being helpful....it is not my intention to confuse you.....regards,

--
Was this reply relevant?
+0
-0
sbeckstrand RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 31st Dec, 2011 23:13
Score: 1
Posts: 7
User Since: 7th Nov 2011
System Score: N/A
Location: US
The problem is with Secunia, not Adobe. The latest version is 9.4.7.8 as far as Adobe indicates. However, Secunia appears to be only checking the first three places and since the fourth disagrees, continues to flag the version as out of date. Even if you have 9.4.6 and use the patch, it updates it to 9.4.7.8. We hope Secunia will notice this tread and make the necessary corrections in the database.
Was this reply relevant?
+0
-0
mogs RE: Acrobat Pro 9.4.7.8 shows as insecure
Expert Contributor 31st Dec, 2011 23:28
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 31st Dec, 2011 23:41
@sbeckstrand

Thankyou.....it seems you've done all you can to the present time.....let's hope that Secunia do pick up on this thread and clarify the situation in the near future.........
Regards...........

Edit....I have e mailed Support and asked that this thread be looked at with a view to some clarification.

--
Was this reply relevant?
+0
-0
This user no longer exists RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 2nd Jan, 2012 09:12
Hi,

Due to some issues with Adobe not updating their file information correctly, the version info found by the Secunia scan engine was different in some cases.

However, we have corrected the situation now and expect that our current results are correct.

Can you please verify for me that:

1) Any detected instance with the version number "9.4.7" or higher is shown as secure
2) That the version number detected by the PSI is the same as that shown in the About window in Acrobat

Hope this helps.
Was this reply relevant?
+0
-0
Anselm RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 2nd Jan, 2012 10:09
Score: 7
Posts: 38
User Since: 7th Jul 2008
System Score: N/A
Location: DE
PSI:
Detected version: 9.4.7.8
Up-to-date

Adobe Acrobat:
Version 9.4.7

Regards, Anselm

--
Secunia PSI 3.0
Windows 7 Professional 64 Bit SP1
Intel Core i5-2430M CPU 2.4 GHz 8 GB RAM
Was this reply relevant?
+2
-0
sbeckstrand RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 2nd Jan, 2012 11:14
Score: 1
Posts: 7
User Since: 7th Nov 2011
System Score: N/A
Location: US
Just ran a manual scan and it does report correctly and up to date. Thanks for watching and taking care of this.
Was this reply relevant?
+1
-0
fungophag RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 3rd Jan, 2012 10:48
Score: 0
Posts: 9
User Since: 7th Oct 2009
System Score: N/A
Location: N/A
on 2nd Jan, 2012 09:12, wrote:
Hi,

Due to some issues with Adobe not updating their file information correctly, the version info found by the Secunia scan engine was different in some cases.

However, we have corrected the situation now and expect that our current results are correct.

Can you please verify for me that:

1) Any detected instance with the version number "9.4.7" or higher is shown as secure
2) That the version number detected by the PSI is the same as that shown in the About window in Acrobat

Hope this helps.


Happy new year!

For myself, I'm a little unhappy since Secunia still marks version 9.4.7 of Adobe Acrobat as highly insecure even after following the advice and installing "the solution". When searching for updates from the Acrobat menu, I'm informed that this is the current version and no updates are available.

Even more glaring, according to my last scan just 10 minutes ago, Secunia recognizes my 9.4.7 version as 9.4.6.252 <sigh>.

I'm not willing to invest hundreds of for a current version of Acrobat in order to see this glowing secunia fire warning disappear.

Any bright ideas for handling this affair?

Many thanks in advance for your efforts

best regards
fungo
Was this reply relevant?
+0
-0
floyd413 RE: Acrobat Pro 9.4.7.8 shows as insecure
Member 3rd Jan, 2012 15:14
Score: 3
Posts: 11
User Since: 10th Nov 2011
System Score: N/A
Location: US
It is working from my end now, it is reported in Secunia PSI as secure and version 9.4.7 which is what Acrobat says it is in the 'about' window. I think the confusion resulted from Adobe not updating the details of the .exe file itself (when you right click the exe file it still says it is 9.4.6, and this is what Secunia PSI and CSI was picking up and using as the signature. Now they must be using some other method of detecting the version for this particular program. Thanks.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+