Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Adobe Acrobat 8.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
gsinkinson Adobe Acrobat 8.x
Member 27th Mar, 2009 17:20
Ranking: 0
Posts: 1
User Since: 5th Dec, 2008
System Score: N/A
Location: N/A
Secunia PSI v1.0.0.4 reports Adobe Acrobat v8.1.3.187 is insecure.
Install Path: c:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

Adobe Acrobat 8 Professional v8.1.4 is installed.
Install path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

What is the problem and any idea when will it be fixed?

Hardy Frandsen RE: Adobe Acrobat 8.x
Member 28th Mar, 2009 10:46
Score: 0
Posts: 6
User Since: 31st Jan 2009
System Score: N/A
Location: N/A
on 27th Mar, 2009 17:20, gsinkinson wrote:
Secunia PSI v1.0.0.4 reports Adobe Acrobat v8.1.3.187 is insecure.
Install Path: c:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

Adobe Acrobat 8 Professional v8.1.4 is installed.
Install path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

What is the problem and any idea when will it be fixed?

Was this reply relevant?
+0
-0
genegold99 RE: Adobe Acrobat 8.x
Member 28th Mar, 2009 11:22
Score: 5
Posts: 128
User Since: 25th Nov 2008
System Score: N/A
Location: US
on 27th Mar, 2009 17:20, gsinkinson wrote:
Secunia PSI v1.0.0.4 reports Adobe Acrobat v8.1.3.187 is insecure.
Install Path: c:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

Adobe Acrobat 8 Professional v8.1.4 is installed.
Install path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

What is the problem and any idea when will it be fixed?


I have the same problem. I updated to Acrobat Pro 8.1.4 on the day it was posted, and thus my Acrobat.exe file shows as version 8.1.0.137. PSI shows it as 8.1.3.187 (I've checked the location). What I don't know is whether this time there's a programming error re the version code in acrobat.exe, or if it's a PSI problem. My experience is that PSI has difficulty with properly identifying Adobe Acrobat Pro, at least version 8.
Was this reply relevant?
+0
-0
billmet RE: Adobe Acrobat 8.x
Member 28th Mar, 2009 11:39
Score: 0
Posts: 3
User Since: 14th Nov 2008
System Score: N/A
Location: N/A
on 27th Mar, 2009 17:20, gsinkinson wrote:
Secunia PSI v1.0.0.4 reports Adobe Acrobat v8.1.3.187 is insecure.
Install Path: c:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

Adobe Acrobat 8 Professional v8.1.4 is installed.
Install path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

What is the problem and any idea when will it be fixed?

Was this reply relevant?
+0
-0
thealfred RE: Adobe Acrobat 8.x
Member 28th Mar, 2009 21:50
Score: 0
Posts: 1
User Since: 16th Feb 2008
System Score: N/A
Location: N/A
Looks like PSI checks for Acrobat.exe as the Insecure application, but Adobe updated Acrobat.dll
Acrobat.exe shows ver.8.1.0.2007051100
Acrobat.dll is @ ver.8.1.4.2009030300

It looks like PSI is checking the wrong file.
Was this reply relevant?
+0
-0
wr RE: Adobe Acrobat 8.x
Contributor 28th Mar, 2009 22:58
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Secunia PSI detects all programs/remnants. Unfortunately not all updates/patches remove/overwrite the old files. This is a known problem with Java. Follow this link for solution(s):
http://secunia.com/community/forum/thread/show/632

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
genegold99 RE: Adobe Acrobat 8.x
Member 28th Mar, 2009 23:26
Score: 5
Posts: 128
User Since: 25th Nov 2008
System Score: N/A
Location: US
on 28th Mar, 2009 22:58, wr wrote:
Secunia PSI detects all programs/remnants. Unfortunately not all updates/patches remove/overwrite the old files. This is a known problem with Java. Follow this link for solution(s):
http://secunia.com/community/forum/thread/show/632...

Your point is a good one, but I'm not seeing how it applies here. PSI is identifying Acrobat.exe as insecure, and there is no other copy. Wouldn't Adobe know its own executable?
Was this reply relevant?
+0
-0
wr RE: Adobe Acrobat 8.x
Contributor 28th Mar, 2009 23:48
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
OOps-sorry-what with all the muddle by both Java & Adobe it's quite easy to reply to the wrong thread. Don't know if anyone else has noticed but everytime these 2 vendors have an update the forum is flooded with requests.

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Acrobat 8.x
Handling Contributor 29th Mar, 2009 01:07
Score: 11777
Posts: 9,030
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@ genegold99

I suspect U are correct. U may not have seen this thread
http://secunia.com/community/forum/thread/show/156...

Perhaps a bit more tinkering is required to correctly identify problems for those wishing to keep versions 7 & 8

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
wr RE: Adobe Acrobat 8.x
Contributor 29th Mar, 2009 01:23
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Thanks Maurice hope you're having a jolly weekend.
Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
genegold99 RE: Adobe Acrobat 8.x
Member 29th Mar, 2009 01:52
Score: 5
Posts: 128
User Since: 25th Nov 2008
System Score: N/A
Location: US
on 29th Mar, 2009 01:07, Maurice Joyce wrote:
@ genegold99

I suspect U are correct. U may not have seen this thread
http://secunia.com/community/forum/thread/show/156...

Perhaps a bit more tinkering is required to correctly identify problems for those wishing to keep versions 7 & 8


What is it that we should pick up from that thread? Secunia's rep, M Hansen, refers to a couple of installation notes, but I can't find them anywhere.

From my experience trying to work through Adobe versions and PSI's warnings over the past few months, I think it's necessary to note that the Acrobat.exe file version is not the same as the posted Adobe version number (e.g., currently 8.1.4). It's other files, such as the .dll, that pick up the current number. That's confusing for users who are not onto it, but that's the way Adobe does it.
Was this reply relevant?
+0
-0
Kurosh RE: Adobe Acrobat 8.x
Member 30th Mar, 2009 20:08
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
on 29th Mar, 2009 01:52, genegold99 wrote:
What is it that we should pick up from that thread? Secunia's rep, M Hansen, refers to a couple of installation notes, but I can't find them anywhere.

From my experience trying to work through Adobe versions and PSI's warnings over the past few months, I think it's necessary to note that the Acrobat.exe file version is not the same as the posted Adobe version number (e.g., currently 8.1.4). It's other files, such as the .dll, that pick up the current number. That's confusing for users who are not onto it, but that's the way Adobe does it.


Hi All,

This is a known issue:

(unknown source)
Hi
Thank you for contacting Secunia Support

We are aware of the problem, and we will fix it shortly.

The problem is the updated file does not include the .exe file on which we normally use to detect the file version.


--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal...
Was this reply relevant?
+0
-0
M.Hansen RE: Adobe Acrobat 8.x
Secunia Official 2nd Apr, 2009 08:37
Score: 188
Posts: 410
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi!

We have now updated the detection rules for Adobe Acrobat.

Adobe did not update the main .exe file we normally use to detect the version number, that was why the PSI would still flag Adobe Acrobat 8.x as insecure even if it was patched.


I would like to thank our users for the patience and help in this matter. Thank you!


--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal
genegold99 RE: Adobe Acrobat 8.x
Member 2nd Apr, 2009 19:03
Score: 5
Posts: 128
User Since: 25th Nov 2008
System Score: N/A
Location: US
Thanks, but what one hand gives...

It looks like the changes also had the effect of turning some Adobe Java.exe files insecure - and, of course, VLC Player again! That's fine (Adobe, that is), but what happened a week or two ago when the update for JRE 6 v. 13 came out (and I updated it)?
Was this reply relevant?
+0
-0
capchris RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 02:33
Score: 0
Posts: 5
User Since: 4th May 2008
System Score: 96%
Location: Edinburgh, UK
You state that you have now amended the rule, but I have just rescanned after deleting a rule I made to ignore Acrobat and still find that Secunia picks up Adobe Acrobat 8.1.4 as version 8.1.3.187 so it is still seeing it as insecure.

Vista Ultimate 32 bit
Dual 2.4Ghz processors
4GB ram
Was this reply relevant?
+0
-0
Kurosh RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 03:42
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
on 2nd Apr, 2009 19:03, genegold99 wrote:
Thanks, but what one hand gives...

It looks like the changes also had the effect of turning some Adobe Java.exe files insecure - and, of course, VLC Player again! That's fine (Adobe, that is), but what happened a week or two ago when the update for JRE 6 v. 13 came out (and I updated it)?


Java isn't related to Adobe... it's made by Sun Microsystems. Check to see (Add / Remove Programs) if you still have any older versions of Java installed? Also, provide the full path to the files that PSI is detecting as insecure. The detections may not be related to currently installed programs.

See: http://secunia.com/vulnerability_scanning/personal...

Best Wishes,
Kurosh
Was this reply relevant?
+0
-0
Kurosh RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 03:46
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
on 3rd Apr, 2009 02:33, capchris wrote:
You state that you have now amended the rule, but I have just rescanned after deleting a rule I made to ignore Acrobat and still find that Secunia picks up Adobe Acrobat 8.1.4 as version 8.1.3.187 so it is still seeing it as insecure.


The rescan for me shows Adobe Acrobat 8.1.4 as now secure. Did you rescan just this one program, or did you do a full scan?

See: http://secunia.com/vulnerability_scanning/personal...

Best Wishes,
Kurosh
Was this reply relevant?
+0
-0
genegold99 RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 07:55
Score: 5
Posts: 128
User Since: 25th Nov 2008
System Score: N/A
Location: US
on 3rd Apr, 2009 03:42, Kurosh wrote:
Java isn't related to Adobe... it's made by Sun Microsystems. Check to see (Add / Remove Programs) if you still have any older versions of Java installed? Also, provide the full path to the files that PSI is detecting as insecure. The detections may not be related to currently installed programs.

See: http://secunia.com/vulnerability_scanning/personal...

Best Wishes,
Kurosh


It sounds like you haven't kept up on the security news about Adobe over the past month. Adobe came out with the v.9 and the 8.1.4 updates because of vulnerabilities with Java's plug-in and some of Adobe's programs, such as Reader. Abode CS3 (and presumably CS4) installed and uses java.exe in some of its applications. Between last night and this morning they turned insecure, according to PSI, although the thing is they actually became insecure a week or two ago, whenever JRE 6 v13 came out.
Was this reply relevant?
+0
-0
Kurosh RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 08:15
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
on 3rd Apr, 2009 07:55, genegold99 wrote:
It sounds like you haven't kept up on the security news about Adobe over the past month. Adobe came out with the v.9 and the 8.1.4 updates because of vulnerabilities with Java's plug-in and some of Adobe's programs, such as Reader. Abode CS3 (and presumably CS4) installed and uses java.exe in some of its applications. Between last night and this morning they turned insecure, according to PSI, although the thing is they actually became insecure a week or two ago, whenever JRE 6 v13 came out.


Would you like help with what is considered "insecure", or are you simply ranting? :) Considering PSI is a free program, and those with it are undoubtedly a lot more secure than those without, I don't know that we can complain all that much. If you're noticing a problem with PSI, I'm sure you can report it to them and they'd be happy to correct the issue.

Best Wishes,
Kurosh
Was this reply relevant?
+0
-0
genegold99 RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 08:34
Score: 5
Posts: 128
User Since: 25th Nov 2008
System Score: N/A
Location: US
on 3rd Apr, 2009 08:15, Kurosh wrote:
Would you like help with what is considered "insecure", or are you simply ranting? :) Considering PSI is a free program, and those with it are undoubtedly a lot more secure than those without, I don't know that we can complain all that much. If you're noticing a problem with PSI, I'm sure you can report it to them and they'd be happy to correct the issue.

Best Wishes,
Kurosh


You seem to have a penchant for jumping headlong into subjects about which you are uninformed. If you pay attention here, a number of us have reported since late November that perioidcally, in my case one or more times every several days, PSI turns acrobat.exe and VLC Player insecure, then secure again upon rescan. Free or not, there's a bug that PSI was informed of early on and refuses - hopefully past tense with Adobe - to acknowledge or fix. That bug appeared again yesterday with the Adobe version fix.
Was this reply relevant?
+0
-0
Kurosh RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 08:40
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
Last edited on 3rd Apr, 2009 08:42
on 3rd Apr, 2009 08:34, genegold99 wrote:
You seem to have a penchant for jumping headlong into subjects about which you are uninformed. If you pay attention here, a number of us have reported since late November that perioidcally, in my case one or more times every several days, PSI turns acrobat.exe and VLC Player insecure, then secure again upon rescan. Free or not, there's a bug that PSI was informed of early on and refuses - hopefully past tense with Adobe - to acknowledge or fix. That bug appeared again yesterday with the Adobe version fix.


If I am uninformed about an issue, a simply reference to background material would suffice ... not an attack on a person's character or knowledge. On that same subject, if you spent five minutes reading my other replies to other people's questions / issues on this forum, you might see that several of them replied with "thanks" as I was able to point them in the right direction towards resolution of their problems. I don't see that as being "uninformed", do you?

I initially joined the forums to address the issue of Adobe Acrobat 8.1.4, since I had done what Secunia had suggested to do in their FAQ (linked in a previous response to what I believed was a question on your part), and they did indeed report back that they were aware of the issue and were working on a fix. If the fix has caused another bug, perhaps it would be prudent for you to follow the same path?

Best Wishes,
Kurosh
Was this reply relevant?
+0
-0
capchris RE: Adobe Acrobat 8.x
Member 3rd Apr, 2009 15:09
Score: 0
Posts: 5
User Since: 4th May 2008
System Score: 96%
Location: Edinburgh, UK
I have rechecked the updates and whereas I had downloaded the update from 8.1.3.187 to 8.1.4 I had not realised there was another update to 8.1.4. I have now downloaded the latest update and have no problems showing on PSI.
Secunia PSI is an excellent programme for monitoring security problems. Thank you very much.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer