Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Adobe Systems |
And, this specific program: Adobe Reader 9.x |
| gerd_1972 | Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 |
|---|---|
 |
2nd Aug, 2009 22:25 |
|
Ranking: 0 Posts: 6 User Since: 2nd Aug, 2009 System Score: N/A Location: N/A |
Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 |
| rgerard127 | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
3rd Aug, 2009 01:14 | ||||||||
| Score: 0 Posts: 1 User Since: 5th Jul 2009 System Score: N/A Location: N/A |
I just upgraded Adobe Reader to 9.1.3. However, the upgrade does not appear to touch AcroRd32.exe. It's property still reads as version 9.1.0.163. PSI is looking at the EXE file to determine what version your running. | ||||||||
|
|||||||||
| Major senior | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
4th Aug, 2009 06:28 | ||||||||
| Score: 0 Posts: 1 User Since: 3rd Dec 2008 System Score: N/A Location: N/A |
on 3rd Aug, 2009 01:14, rgerard127 wrote: I just upgraded Adobe Reader to 9.1.3. However, the upgrade does not appear to touch AcroRd32.exe. It's property still reads as version 9.1.0.163. PSI is looking at the EXE file to determine what version your running. ... PSI is looking at the EXE file to determine what version your running. It's evident ! But why PSI does'nt detect the fact that Reader was patched (version 9.13)? |
||||||||
|
|||||||||
| Al Williams | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
5th Aug, 2009 16:41 | ||||||||
| Score: 0 Posts: 1 User Since: 24th May 2008 System Score: N/A Location: N/A |
on 3rd Aug, 2009 01:14, rgerard127 wrote: I just upgraded Adobe Reader to 9.1.3. However, the upgrade does not appear to touch AcroRd32.exe. It's property still reads as version 9.1.0.163. PSI is looking at the EXE file to determine what version your running. I also have the same problem! Apparently Secunia doesn't look at the same information as Adobe Reader because Adobe Reader reports 9.l.3. Why does Secunia look at the wrong information? Al Williams |
||||||||
|
|||||||||
| Orient_River | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
5th Aug, 2009 17:21 | ||||||||
| Score: 0 Posts: 2 User Since: 3rd Jul 2009 System Score: N/A Location: N/A |
Same issue here...Secunia is reporting an incorrect version. | ||||||||
|
|||||||||
| Orient_River | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
5th Aug, 2009 17:21 | ||||||||
| Score: 0 Posts: 2 User Since: 3rd Jul 2009 System Score: N/A Location: N/A |
Same issue here...Secunia is reporting an incorrect version. | ||||||||
|
|||||||||
| MeccStar | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
5th Aug, 2009 23:10 | ||||||||
| Score: 0 Posts: 1 User Since: 24th Feb 2009 System Score: N/A Location: N/A Last edited on 5th Aug, 2009 23:11 |
I have determined that, on my system, the actual installed version of AcroRd32.exe is indeed 9.1.3. However,if you query the 'properties' of the file, it reports 9.1.0.163. Apparently, the installer program failed to update the version field of the file directory entry, which, it also appears, is what PSI looks to for its version data. The question I have now is: Is there a manual method to change the version datum in the file directory? If we could do that, PSI would see it and everything would be ok (I think). At any rate, regardless of what PSI reports, I am satisfied that the program is up to date and as safe as possible. Leonard |
||||||||
|
|||||||||
| kygin | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
6th Aug, 2009 16:51 | ||||||||
| Score: 0 Posts: 6 User Since: 16th Jan 2008 System Score: N/A Location: US |
Same situation here, but with Acrobat as well as Reader. File version reported through Properties is the old version, file version reported in About with the program open is 9.1.3. It's an Adobe problem, one that likely won't be addressed any time soon. | ||||||||
|
|||||||||
| wr | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
6th Aug, 2009 19:00 | ||||||||
| Score: 298 Posts: 716 User Since: 30th Mar 2008 System Score: 100% Location: US |
http://secunia.com/community/forum/thread/show/243... Please read the post by AJNorth02 in this link-it may help with the problem. Regards, wr -- HP Pavilion Slimline Windows Vista Home Premium SP2 32 bit AMD Athlon 64 X2 Firefox 17.0.6 ESR The weakest link of a computer system is always sitting in front of the monitor. |
||||||||
|
|||||||||
| WMACK | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
6th Aug, 2009 19:20 | ||||||||
| Score: 0 Posts: 10 User Since: 20th Nov 2008 System Score: 100% Location: Saint John, CA |
I just rescanned and it now shows patched. -- HP Pavilion Vista Home Premium 32 bit |
||||||||
|
|||||||||
| kygin | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
6th Aug, 2009 20:07 | ||||||||
| Score: 0 Posts: 6 User Since: 16th Jan 2008 System Score: N/A Location: US |
I rescanned, too, and it shows both Reader and Adobe Acrobat as being patched, but they still have the unpatched version number listed. Is it possible this will cause problems later? | ||||||||
|
|||||||||
| wr | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
6th Aug, 2009 22:14 | ||||||||
| Score: 298 Posts: 716 User Since: 30th Mar 2008 System Score: 100% Location: US Last edited on 6th Aug, 2009 22:25 |
Hi kygin, I don't use Adobe products except for Flash Player, so I'm not sure if problems or not-but to be sure you may want to check the 'path' & delete any remnants of the old, outdated version. Regards, wr EDIT: What is the path to the insecurity? To locate the exact file that the Secunia PSI has detected, please follow these guidelines using the ADVANCED interface: ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ * Click on the + sign of the programm to “expand’ it. -- HP Pavilion Slimline Windows Vista Home Premium SP2 32 bit AMD Athlon 64 X2 Firefox 17.0.6 ESR The weakest link of a computer system is always sitting in front of the monitor. |
||||||||
|
|||||||||
| poutnikl | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
7th Aug, 2009 06:48 | ||||||||
| Score: 0 Posts: 38 User Since: 8th May 2008 System Score: N/A Location: N/A Last edited on 7th Aug, 2009 06:49 |
I had the same problem. The about menu item, reported 9.1.3, but PSI 9.1.0.163. It happened short after Reader update. But, I looked at Reader executable in its folder and it had suspicious filedate from February. I got an idea - restarted PC. Adobe installer did not required to do so, but it is always good practice at bigger software. And, after reboot, PSI reported it correctly as 9.1.3 |
||||||||
|
|||||||||
| eSKzHvZreJxktYLUd4jN1oy... | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
17th Aug, 2009 15:01 | ||||||||
| Score: -1 Posts: 82 User Since: 7th Dec 2009 System Score: N/A Location: N/A |
Quote from http://www.sans.org/newsletters/newsbites/newsbite... "[Editor's Note (Northcutt): I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit the use of Adobe products whenever you can. ]" Fortunatelly there are lots of other free PDF-readers like Foxit Reader, Sumatra PDF etc. http://www.foxitsoftware.com/pdf/reader http://blog.kowalczyk.info/software/sumatrapdf/ind... http://pdfreaders.org/ |
||||||||
|
|||||||||
| poutnikl | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
17th Aug, 2009 18:49 | ||||||||
| Score: 0 Posts: 38 User Since: 8th May 2008 System Score: N/A Location: N/A |
Well, but less advisories does not always mean safer software. It can also mean less checked software. If I need not to report vulnerabilities of various flavours of UNIX and LINUX, my reporter's life would be much easier. But it does not lead me to conclusion Windows is safer. |
||||||||
|
|||||||||
| eSKzHvZreJxktYLUd4jN1oy... | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
18th Aug, 2009 10:40 | ||||||||
| Score: -1 Posts: 82 User Since: 7th Dec 2009 System Score: N/A Location: N/A |
poutnikl: I completely agree. :-) | ||||||||
|
|||||||||
| Kiroupirou | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
19th Aug, 2009 10:15 | ||||||||
| Score: 0 Posts: 1 User Since: 19th Aug 2009 System Score: N/A Location: N/A |
Hi all, Actually it was not really a problem from Secunia. The bug is more on Adobe side. Actually the file acrord32.exe has two version file on it and the engin from Secunia was looking @ the wrong one. |
||||||||
|
|||||||||
| gerd_1972 | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
30th Aug, 2009 14:20 | ||||||||
| Score: 0 Posts: 6 User Since: 2nd Aug 2009 System Score: N/A Location: N/A |
Well, rescanning does NOT resolve the issue for me. I still shows up unpatched | ||||||||
|
|||||||||
| RxDdude | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
30th Aug, 2009 15:47 | ||||||||
| Score: 4 Posts: 33 User Since: 20th Aug 2009 System Score: N/A Location: US Last edited on 30th Aug, 2009 16:04 |
Kudos to -HBR- who, at about five items above, suggests moving away from Adobe software and offers links to some free alternative PDF readers, since Adobe seems not to be, as I would say, taking care of business; and, there are alternative free PDF readers available. That's regretted, but it looks like a fair assessment, -HBR-. I say, regretted, because I have respect for Adobe's longstanding elite status and their past pioneering of useful apps., and one dislikes to see this good name being ruined by a careless management in this later generation. Now, I would like to poll the Forum as to: A. which of these alternate apps are you using and finding to be "good" to use, including, not loaded with vulnerabilities needing to be patched? B. which ones have you found being monitored by Secunia PSI? If there is a "magic bullet" out there, I would want to use it. It may be that it is merely a lack of attention heretofore by exploiters and equally by the vuln-testers in the online community, that provides a measure of currently good results... Falling Rock - - " 'The Earth grows degenerate, corrupt, in these latter days. Evil abounds. Men cheat men in the marketplace. The rulers threaten and oppress the people. Children despise their elders; even the dogs no longer obey their masters. Surely the end of the world is near.' - - Inscription on Assyrian stone tomb, ca. 2200 B.C." ( translation unattributed; quoted from memory of the item printed in Fort Worth Star-Telegram, ca. A.D. 1974 ) -- R&DDude ======================================== All I really need to know in life, I learned from the theory of relativity! -------------------------------------------- “Everything should be completed as soon as possible. And, not sooner.” – attributed to Al Einstein ============================================ HP Pavilion a1020n / Win XP Pro SP3 (x86) / AMI BIOS 3.19 Intel P4 519J 3.06 GHz / 2 GB DDR2 PC-4200 140 GB free on System partition Firefox 3.6.15 / NoScript 2.0.9.9 / M$ IE 8.0 (rarely used) Comodo IS 2011 v5.3 / M$ Security Essentials v1.99.1103.0 ============================================ |
||||||||
|
|||||||||
| RxDdude | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
30th Aug, 2009 16:46 | ||||||||
| Score: 4 Posts: 33 User Since: 20th Aug 2009 System Score: N/A Location: US |
Here is a perhaps-exhaustively complete report of Secunia vs. Windows vs. Adobe Reader behavior. See if your findings agree. . Apology - This was mistakenly posted first under the Acrobat Patched thread - probably ought to be in this thread. . Re Adobe Reader - What am I to believe, here? Is my Reader safely patched to V9.1.3, or is my Reader unsafe? Where does one find the straight answer? Viz., o 1.0 Secunia PSI in the fully Patched tab shows Adobe Reader Version 9.0.246.0, listing Path D:\Program Files\Adobe\Reader9.0\Reader\AcroRd32.exe. o 1.1 PSI also tells me that “This update can be applied only to Adobe Reader 9.1.1. Users with version 9.1 should first install version 9.1.1 before proceeding with this update to version 9.1.2.” etc. ( Oh, 9.1.2? ) o 2. Yet, Windows® Add or Remove Programs (WARP) function tells me that I have "Adobe Reader 9.1.3 – CPSID_49522" installed on 8/2/2009, and no other Adobe Reader is listed in WARP. o 3. Selecting the above path in Windows® Explorer shows me a file named AcroRd32.exe and the Properties sheet on that file tells me on General tab that I have Adobe Reader 9.1, and on the Version tab top line it shows me File version: 9.1.0.163, and in the Other Version Information subwindow, the Item named File Version shows Value of 9.1.0.2009022700, and the same Value for the item, Product Version. (Wow!!) o 4. Opening Adobe Reader and checking in "Help">"About Adobe Reader 9" produces at first a “Version 9.1.3” legend beneath the app name. o 5. Place the mouse over this “Version 9.1.3” legend and left-click, and it changes to read, “Version 9.1.2.82”! o 6. Click it again, and it changes to say, “AGM Version 4.18.84”. o 7. Click it again, and it says, “CoolType Version 5.5.62”! o 8. Click again and it says, “Core Version 9.258”! o 9. Click again and it says, “ADM Version 9.01x0”. o 10. Next, comes “JP2K version 2.0.0.2680”. o 11. And the seventh click cycles back to 9.1.3. What a mess! o 12. Perhaps Secunia ought to address and cure the apparent discrepancies that Secunia's own patch reporting presents; I am referring to items 1.0 and 1.1 above. Sincerely, Falling Rock OS: Win XP Pro SP3 (M$ IE 8.0 is also installed, but used as seldom as possible.) SYS: HP Pavilion a1040n (purch. 2005) CPU: Intel® Pentium® 4 519J @ 3.065 GHz RAM: 2GB PNY DDR 3200 HD: 155 GB free BRW: Firefox 3.5.2 w/NoScript 1.9.8.7 -- R&DDude ======================================== All I really need to know in life, I learned from the theory of relativity! -------------------------------------------- “Everything should be completed as soon as possible. And, not sooner.” – attributed to Al Einstein ============================================ HP Pavilion a1020n / Win XP Pro SP3 (x86) / AMI BIOS 3.19 Intel P4 519J 3.06 GHz / 2 GB DDR2 PC-4200 140 GB free on System partition Firefox 3.6.15 / NoScript 2.0.9.9 / M$ IE 8.0 (rarely used) Comodo IS 2011 v5.3 / M$ Security Essentials v1.99.1103.0 ============================================ |
||||||||
|
|||||||||
| Anthony Wells | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
30th Aug, 2009 16:53 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
@FallingRock , This is my reply to your post on the other thread :- The data you detail is much the same as mine & I consider that I have version 9.1.3 fully patched. This is further detailed on this thread ;- http://secunia.com/community/forum/thread/show/240... and others. V9.0.246.0 refers to the "authplay.dll" file which patched v9.1.2 to v9.1.3. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| eSKzHvZreJxktYLUd4jN1oy... | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
31st Aug, 2009 11:27 | ||||||||
| Score: -1 Posts: 82 User Since: 7th Dec 2009 System Score: N/A Location: N/A |
on 30th Aug, 2009 15:47, RxDdude wrote: A. which of these alternate apps are you using and finding to be "good" to use, including, not loaded with vulnerabilities needing to be patched? B. which ones have you found being monitored by Secunia PSI? A. I like SumatraPDF, and also Foxit Reader if you make sure to exclude the Ask Toolbar during installation. B. I don't think I have any programs on my PC's that is not detected by the PSI. Should you have any you can make a software suggestion so it can be added to the database. |
||||||||
|
|||||||||
| Slamgeden | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
31st Aug, 2009 15:52 | ||||||||
| Score: 0 Posts: 181 User Since: 17th Jul 2009 System Score: N/A Location: N/A |
I have to recommend SumatraPDF over foxit, because not only is SumatraPDF Free Software (Freedom AND beer!), but it also doesn't sneak crapware into your system. Double-bonus. -- Assorted Fnords. |
||||||||
|
|||||||||
| RxDdude | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
25th Sep, 2009 01:11 | ||||||||
| Score: 4 Posts: 33 User Since: 20th Aug 2009 System Score: N/A Location: US |
Thanks. Will look into it. World of Trust had only three comments by users; all were positive, so far, however. -- R&DDude ======================================== All I really need to know in life, I learned from the theory of relativity! -------------------------------------------- “Everything should be completed as soon as possible. And, not sooner.” – attributed to Al Einstein ============================================ HP Pavilion a1020n / Win XP Pro SP3 (x86) / AMI BIOS 3.19 Intel P4 519J 3.06 GHz / 2 GB DDR2 PC-4200 140 GB free on System partition Firefox 3.6.15 / NoScript 2.0.9.9 / M$ IE 8.0 (rarely used) Comodo IS 2011 v5.3 / M$ Security Essentials v1.99.1103.0 ============================================ |
||||||||
|
|||||||||
| d_j_owen | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
28th Sep, 2009 21:53 | ||||||||
| Score: 0 Posts: 1 User Since: 28th Sep 2009 System Score: N/A Location: UK |
on 2nd Aug, 2009 22:25, gerd_1972 wrote: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 The solution is easy. Do not use Adobe Updater to update Reader via the program (Adobe Reader - Help - Updater). Use the Secunia link to get the updates. If you have already updated to 9.1.3 then you may need to uninstall Adobe Reader and start with a fresh install of Adobe Reader. Using the Secunia link there are a number of updates presented to you. 9.1.2 is further down the page. Install 9.1.2 and PSI will be happy. Now you can install 9.1.3 and you will be fully patched and PSI will report you as being fully patched. This often happens if multiple patches are applied in one go, they do not necessarily apply them in order. |
||||||||
|
|||||||||
| as39 | RE: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 | ||||||||
|
|
11th Oct, 2009 20:07 | ||||||||
| Score: 0 Posts: 3 User Since: 8th Jul 2009 System Score: N/A Location: N/A |
on 2nd Aug, 2009 22:25, gerd_1972 wrote: Adobe Reader 9.1.3 is detected by PSI as 9.1.0.163 |
||||||||
|
|||||||||
