Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Unpatched : Highly Critical Vulnerability In Adobe Acrobat and Re...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

This thread has been marked as locked.
Anthony Wells Unpatched : Highly Critical Vulnerability In Adobe Acrobat and Reader
Expert Contributor 16th Dec, 2009 22:36
Ranking: 2445
Posts: 3,332
User Since: 19th Dec, 2007
System Score: N/A
Location: N/A
Last edited on 23rd Dec, 2009 16:37


PSI is showing Adobe Acrobat and Reader with level 5 vulnerabilities unpatched !! It is known to be being exploited !!

This is the suggested work around from Adobe

http://www.adobe.com/support/security/advisories/a...

Anthony

EDIT : I have just applied the registry workaround found here :-

http://kb2.adobe.com/cps/532/cpsid_53237.html

Hope it works :))

EDIT : 23 DEC 2009 : the vulnerability ONLY shows in the "secure browsing" tab (as "insecure , no solution" ).

--


It always seems impossible until its done.
Nelson Mandela

Lee Ving RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 17th Dec, 2009 01:06
Score: -7
Posts: 6
User Since: 16th Dec 2009
System Score: N/A
Location: N/A
Forget Adobe Reader just get rid of it and use Foxit Reader. I have never been able to update an Adobe reader over several versions though the years. It just can't be updated "program not found" or something stupid like that is the message. It's useless software.
Was this reply relevant?
+0
-0
gsmart RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 22nd Dec, 2009 03:14
Score: 7
Posts: 59
User Since: 30th May 2009
System Score: N/A
Location: AU
OK

I also run another test and it tells me Adobe is using up too much space and is unreliable also I just read that Adobe programs are the most hacked.

I will close this now and start a new thread about a replacement free or cost.

Thank you every one

Gsmart
Was this reply relevant?
+0
-0
Anthony Wells RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Expert Contributor 22nd Dec, 2009 11:53
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@gsmart ,

Just a minor point ; this is my thread to close and as other people may need the info prior to the official patch being released , it remains open .

Good luck with your search .
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
MaritimeRider RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 23rd Dec, 2009 02:25
Score: 22
Posts: 174
User Since: 15th Mar 2009
System Score: 100%
Location: CA
Anthony, I just noted your post. My programs are secure. Is this a recent problem or did I miss a post.Please clarify for me and many thanks.
Was this reply relevant?
+0
-0
whaler RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 23rd Dec, 2009 07:01
Score: 0
Posts: 18
User Since: 25th May 2009
System Score: N/A
Location: N/A
Last edited on 23rd Dec, 2009 07:03
I absolutely agree with Lee Ving who was the first to reply to this thread. Foxit reader is the only pdf reader I've found that works just as well if not better than Adobe. If you're not aware of it, Adobe tried to slander Secunia for saying something to the effect that Adobe releases patches that they know are faulty. A recent patch was re-patched in about 10 days. That ought to tell you something. If not, maybe knowing that Adobe finally came forward and admitted Secunia was correct will convince you. Dump Adobe and get Foxit reader. It's free and there are very few things to adjust to get it to completely replace Adobe. It's also about 80% smaller if I remember correctly. Don't quote me on the 80% but it's waaayyyyy smaller. That you can quote me on. You can also get rid of Adobe air and acrobat.com unless you have another use for them. Adobe reader has to have them, Foxit doesn't.
Was this reply relevant?
+0
-0
MaritimeRider RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 23rd Dec, 2009 14:38
Score: 22
Posts: 174
User Since: 15th Mar 2009
System Score: 100%
Location: CA
Last edited on 23rd Dec, 2009 15:31
First, wr posted this thread for info only; not a debate over what is dependable or not dependable.
After re-reading the post and checkinng the vulnerability page, I have concluded that the threat was noted> 12/12/15. Secunia did post it, and Adobe did release a patch.I just wanted to clarify this for new members
and others who may have missed this info.Thus, Adobe should show as secure.Must point out that wr originally posted 12/15/09; then a few days lag time before another post during which time Adobe must have corrected their error.
And lastly to all members. Have a wonderful holiday and safe surfing in 2010.
Was this reply relevant?
+0
-0
Anthony Wells RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Expert Contributor 23rd Dec, 2009 15:59
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 23rd Dec, 2009 16:39
Let us be clear :-

The Secunia advisory SA37690 which reports this vulnerability is dated 15th Dec 2009 , updated 16th Dec 2009.

Adobe have NOT issued a patch as yet (it is expected for 12th Jan 2010) and so the problem is STILL ONLY showing up in the "secure browsing" tab*** and the programmes continue to display in the "patched" tab and not in the "insecure" tab .

The danger is STILL very real as their are known exploits of the vulnerability ; I would recommend you use the two links in my first post and decide whether or not to use the work around from Adobe ; FWIW I have applied/used it .

I opened this thread to look at a specific problem which concerns two Adobe programmes and their users.

Take care
Anthony

*** shows as "insecure , no solution" .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+3
-0
Acer56x RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 23rd Dec, 2009 18:08
Score: 0
Posts: 1
User Since: 23rd Dec 2009
System Score: N/A
Location: N/A
Last edited on 23rd Dec, 2009 18:10
Greetings, Lee has it absolutely right!

You'll never have these problems with Foxit like we've all had with Adobe Reader.

There's a FREE version of Foxit Reader on the left-hand side of this page.

http://www.foxitsoftware.com/pdf/reader/
Was this reply relevant?
+0
-0
MaritimeRider RE: Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 23rd Dec, 2009 21:19
Score: 22
Posts: 174
User Since: 15th Mar 2009
System Score: 100%
Location: CA
Thank you Anthony. Point taken. With DEP and using Vista home premium
SP1>>the worse case scenario would be a denial of service .For myself I can live with that for the short term.













Was this reply relevant?
+0
-0
Anthony Wells RE: Unpatched : Highly Critical Vulnerability In Adobe Acrobat and Reader
Expert Contributor 23rd Dec, 2009 23:12
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

I also have DEP enabled on my XP SP3 , but being a non-techie and only vaguely understanding the jargon , I have applied the registry patch , to be sure , to be sure :)

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
MaritimeRider RE: Unpatched : Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 24th Dec, 2009 00:28
Score: 22
Posts: 174
User Since: 15th Mar 2009
System Score: 100%
Location: CA
Best to do what you are comfortable with.
(R)
Was this reply relevant?
+0
-0
taffy078 RE: Unpatched : Highly Critical Vulnerability In Adobe Acrobat and Reader
Contributor 24th Dec, 2009 11:10
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
after the last such problem, I unistalled Adobe Acrobat & Reader. Touch wood, I've not missed them.
Foxit Reader works well for me.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
This user no longer exists RE: Unpatched : Highly Critical Vulnerability In Adobe Acrobat and Reader
Member 24th Dec, 2009 15:15
on 24th Dec, 2009 11:10, taffy078 wrote:
after the last such problem, I unistalled Adobe Acrobat & Reader. Touch wood, I've not missed them.
Foxit Reader works well for me.

As long as the Ask.com toolbar is not installed with it.
Was this reply relevant?
+0
-0
taffy078 RE: Unpatched : Highly Critical Vulnerability In Adobe Acrobat and Reader
Contributor 24th Dec, 2009 18:42
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Thank you YoKenny. I haven't got an Ask toolbar & I've now deleted my Ask shortcut, just in case. I never use it anyway.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer