Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Security threat ?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Acrobat 9.x

This thread has been marked as locked.
birch17dog Security threat ?
Member 2nd Jul, 2009 12:13
Ranking: 0
Posts: 3
User Since: 29th Jun, 2009
System Score: N/A
Location: N/A
Secunia constantly indicates that Adobe Reader 9.1.2 is a threat.
I have followed the solution link to various 3rd party recommendations
faithfully,downloaded 2 recommendations at cost with no satisfactory result.
Who is at fault ?
My PC ?
Secunia
Adobe ?
Regards
Phil Wade

eSKzHvZreJxktYLUd4jN1oy... RE: Security threat ?
Member 2nd Jul, 2009 13:17
Score: -1
Posts: 82
User Since: 7th Dec 2009
System Score: N/A
Location: N/A
As long as you have an insecure program on your PC, the PSI will inform you about it (unless you choose to use the Ignore Rules). Could it be you have installed the latest version of Adobe Reader, but still have the old one also? If you have the old version in the Insecure-tab and the new version on the Patched-tab, that would be the explanation.

Personally I would completely uninstall Adobe Reader and instead try one of these free, faster and safer alternatives: http://pdfreaders.org
Was this reply relevant?
+0
-0
Anthony Wells RE: Security threat ?
Expert Contributor 2nd Jul, 2009 17:13
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 2nd Jul, 2009 17:17
This problem dates back several weeks to trying to update v 9.1.0 & there are several threads which suggest several solutions , some work, some seem to & some people seem to be stuck .

I resolved my problem using the Reader help menu links of "about" , "update" & "repair" - close Reader - & any anything else you can do so safely - before you run the Wizard ; others have needed a"clean" uninstall .

You will need to scroll through the threads for more info that "might" apply to you.

Good luck.

PS: with regard old & newer versions you tend to get a mix of files in the same folder ; hence a very "clean" uninstall.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
travler78 RE: Security threat ?
Member 21st Jul, 2009 00:03
Score: 0
Posts: 1
User Since: 7th Dec 2008
System Score: N/A
Location: N/A
I'm getting the same "warning". I'm on Acrobat (both Pro & Reader) v9.1.2 which is the latest Adobe offers. Not sure where v9.2 (in Secunia) comes from...
Was this reply relevant?
+0
-0
Anthony Wells RE: Security threat ?
Expert Contributor 21st Jul, 2009 00:10
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
In order to clarify your post & for someone to help , you need to do the following :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

If you are unable to resolve the problem yourself , all this info should allow someone on the forum to help/advise you .


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
fengen RE: Security threat ?
Member 21st Jul, 2009 02:10
Score: 0
Posts: 1
User Since: 21st Jul 2009
System Score: N/A
Location: N/A
Well...
This is funny..
It told me the same, at the same time Trend Micro reports this software as pretty suspicious..
But.. Before this scan, I DID NOT have the Flash Player installed on my computer. Got the full version of Flash thou, but no flash player. And my Office 2007, without any SP's.. No problems.
Free stuff is free stuff for a reason. I got a tendenze to blow dog, big time. And this sure as hell does..

Elvis has left the building..

Ps.. Running Vista 64-bit, with SP-2. Trend Micro 2009.. Trend told me NOT to install this software..
Was this reply relevant?
+0
-0
birch17dog RE: Security threat ?
Member 21st Jul, 2009 14:23
Score: 0
Posts: 3
User Since: 29th Jun 2009
System Score: N/A
Location: N/A
Thank you Anthony.
Here is the info as requested :-
1) Done
2) Done
3) Insecure
4) Done
5) C:\ProgramFiles\Adobe|Reader9.0\Reader\AcroRd32.ex e
6) No "Toolbox" evident, there is however :- Extra Information/Known issues with AdobeReader9.0.x
Fixit with Download solution - didn't work
Solution Wizard - didn't work
What's next ?
Regards
Was this reply relevant?
+0
-0
birch17dog RE: Security threat ?
Member 21st Jul, 2009 15:35
Score: 0
Posts: 3
User Since: 29th Jun 2009
System Score: N/A
Location: N/A
Anthony, I should have tried this first.
Yes it worked to give me 100% secure rating.
Many thanks for your help.
Regards
Phil
Was this reply relevant?
+0
-0
Anthony Wells RE: Security threat ?
Expert Contributor 21st Jul, 2009 20:15
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
for Phil

Glad you're sorted. To be clear , the bar with the download/solution/wizard links are at the left end is called the "toolbox" & the 6) & 7) links are in the middle of the bar .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Anthony Wells RE: Security threat ?
Expert Contributor 21st Jul, 2009 20:21
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
for fengen

Not sure what warning you got ; not sure which of your programmes Trend Micro does not like ; if you got Flash , the Reader will find you if it needs to ; don't forget to take the dog walkies ; stay free and secure , if that is at all possible .

Let us now if we can help.

Take care Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
rschalie RE: Security threat ?
Member 24th Aug, 2009 13:50
Score: 0
Posts: 1
User Since: 3rd Jul 2009
System Score: N/A
Location: N/A
The same here: "This update requires that Acrobat 9.2 is installed in your system". When I look at the update page at Adobe (http://www.adobe.com/support/downloads/product.jsp...) the latest version mentioned is 9.1.3. So, where indeed does the 9.2 come from?
Was this reply relevant?
+0
-0
eSKzHvZreJxktYLUd4jN1oy... RE: Security threat ?
Member 27th Aug, 2009 10:22
Score: -1
Posts: 82
User Since: 7th Dec 2009
System Score: N/A
Location: N/A
on 24th Aug, 2009 13:50, rschalie wrote:
The same here: "This update requires that Acrobat 9.2 is installed in your system". When I look at the update page at Adobe (http://www.adobe.com/support/downloads/product.jsp...) the latest version mentioned is 9.1.3. So, where indeed does the 9.2 come from?


That is Adobe's way of doing updates. You first download and install an insecure version. THEN you can download and install a newer version which might also be insecure. THEN if you are lucky you can download and install an ever newer version which MIGHT be secure.

I hope Adobe change that update strategy!

By the way...
Quote from http://www.sans.org/newsletters/newsbites/newsbite...

"[Editor's Note (Northcutt): I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit the use of Adobe products whenever you can. ]"

Fortunatelly there are lots of other free PDF-readers like Foxit Reader, Sumatra PDF etc.

http://www.foxitsoftware.com/pdf/reader
http://blog.kowalczyk.info/software/sumatrapdf/ind...
http://pdfreaders.org/
Was this reply relevant?
+0
-0
Anthony Wells RE: Security threat ?
Expert Contributor 27th Aug, 2009 11:16
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 27th Aug, 2009 11:29
HBR,

The question was & still is "where indeed does the 9.2 come from?" & not that you need to download 9.1 & patch it three times to get to 9.1.3.

Nobody has given the answer yet (neither on this & another thread) , perhaps you can.

Anthony

PS : quite a few programmes require you to update the "database" after you download it & before you run it .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
eSKzHvZreJxktYLUd4jN1oy... RE: Security threat ?
Member 28th Aug, 2009 13:14
Score: -1
Posts: 82
User Since: 7th Dec 2009
System Score: N/A
Location: N/A
Ups, my mistake. Perhaps it could be a simple typo? Could they have typed 9.2 instead of 9.1.2? If so I'm sure it will be fixed soon.

Anthony, I still think Adobe should not offer a vulnerable version of their product, and actually I don't recall any other software vendor doing that. When people install a PDF-viewer it is usually because they have just downloaded or received a PDF-document that they want to view. They don't want to download a vulnerable version, then update to a newer version, and then update to an even never version just to stay secure. The update feature in Adobe Reader searches for updates once a week so if it is missed the first time...

You know all this I'm sure and I can hardly imagine we really disagree on this. I'm just quite annoyed with Adobe and think they need to take responsibility for their own products since they cause a lot of problems worldwide.
Was this reply relevant?
+0
-0
Anthony Wells RE: Security threat ?
Expert Contributor 28th Aug, 2009 17:14
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 28th Aug, 2009 17:18
Hello HBR .

A minor point , but when I changed MS PPTViewer from v2003 to v2007 , after downloading I had to go to MS updates 2 or 3 times (can't remember exactly how many times ) for security updates - pointed up by PSI , bless it's socks. Mine was the easy bit of the saga as it is standalone .

Doesn't make anything better or right , but criticism goes further when it is constructive to help the ongoing situation rather than quixotically changing the world as we both may wish .

For example, the latest Flash installer removes the old version , but neither Adobe nor Secunia tell you about stopping/quitting all programmes (you can do safely - including PSI) before you run it ; & yet the Tech Notes , where you find the Flash uninstaller programme on the Adobe website , give plenty of clear advice , provided you scroll down below the link . They cannot uninstall say the.ocx in use , neither can the user .

It's a question of how to communicate with the beginner and average user (like me) & how to improve therein the problems we have today .

As with Java , some progress is being made , nothing works perfectly.

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability