navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Abode Reader 9.31 update

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Reader 9.x

This thread has been marked as locked.
henryg Abode Reader 9.31 update
Member 8th Mar, 2010 10:34
Ranking: 14
Posts: 11
User Since: 23rd May, 2009
System Score: N/A
Location: N/A
Secunia reports Adobe Reader 9.30 as vulnerable, and allows me to download a 9.31 patch. Unfortunately, it then see this as 9.20.124 and so the process repeats.

I have been round the loop a couple of times in case I had got a bad version somehow, but it was the same. I also downloaded the latest version off Adobe's website, and this is still 9.30, so what is happening please?

Win 7 Pro 64-bit.

This user no longer exists RE: Abode Reader 9.31 update
Member 8th Mar, 2010 11:03
Hi,
Adobe patches are incremental. This mean that after installing the main program, you have to install a new patch to get up to the latest secure version.
You can refer to this: http://secunia.com/blog/75/

As for the problem at hand, does the patch finish installing?

What is the "path" to the vulnerability? You can see this by clicking "+" the expand the entry, and then reading the "installation path" field.

Is there more than one Adobe reader on your system, possibly one patched and one insecure? Have you tried rebooting and rescanning?

Hope this helps.
Was this reply relevant?
+0
-0
henryg RE: Abode Reader 9.31 update
Member 8th Mar, 2010 12:54
Score: 14
Posts: 11
User Since: 23rd May 2009
System Score: N/A
Location: N/A
on 8th Mar, 2010 11:03, wrote:
Hi, Adobe patches are incremental. This mean that after installing the main program, you have to install a new patch to get up to the latest secure version.
You can refer to this: http://secunia.com/blog/75/

As for the problem at hand, does the patch finish installing?


Done and yes.

(unknown source)
What is the "path" to the vulnerability? You can see this by clicking "+" the expand the entry, and then reading the "installation path" field.


C:\Program Files (x86)\Utils\AdobeReader\Reader\AcroRd32.exe

(unknown source)
Is there more than one Adobe reader on your system, possibly one patched and one insecure? Have you tried rebooting and rescanning?


Only one, I did a full search. Yes to reboot and rescan.

Thanks for the suggestions though.

BTW Secunia correctly identifies the vulnerable 9.30, it is the

AdbeRdrUpd931_all_incr.msp

patch that is messing it up

Was this reply relevant?
+1
-0
This user no longer exists RE: Abode Reader 9.31 update
Member 8th Mar, 2010 13:06
Hi,

Please try to download and run this file:
http://ardownload.adobe.com/pub/adobe/reader/win/9...

Once it has successfully finished, reboot, and rescan with the PSI.

hope this helps.
Was this reply relevant?
+0
-0
henryg RE: Abode Reader 9.31 update
Member 8th Mar, 2010 14:04
Score: 14
Posts: 11
User Since: 23rd May 2009
System Score: N/A
Location: N/A
Last edited on 8th Mar, 2010 14:05
That is the same file I already installed, but I downloaded and installed it again from the link you provided with, not surprisingly, the same result. I rebooted after installation.


Henry
Was this reply relevant?
+0
-0
This user no longer exists RE: Abode Reader 9.31 update
Member 8th Mar, 2010 14:57
Hi,

Could you try to use the build-in updater in Reader? This usually works without too much pain.

Hope this helps.
Was this reply relevant?
+0
-0
henryg RE: Abode Reader 9.31 update
Member 8th Mar, 2010 15:40
Score: 14
Posts: 11
User Since: 23rd May 2009
System Score: N/A
Location: N/A
Oh dear, exactly the same. I'll ignore it until the next update (either Secunia or Adobe).
Was this reply relevant?
+0
-1
lelandhamilton RE: Abode Reader 9.31 update seen as 9.2.0.124 instead of 9.3.0.148 or 9.3.1
Member 10th Mar, 2010 20:57
Score: 2
Posts: 3
User Since: 14th Nov 2008
System Score: 99%
Location: US
Secunia PSI identifies C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe as insecure. Have already updated to 9.3.1 (and reported by Adobe Reader Help About) and properties report as File Version 9.3.0.148, However Secunia PSI Technical details identify file as 9.2.0.124.

The plug-ins all report 9.3.0.148 except Forms is version 9.3.1.203 (C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api)

Vista Home Premium, SP1, IE7, UAC, COMODO Internet Security, Administrative user.
Was this reply relevant?
+2
-0
Anthony Wells RE: Abode Reader 9.31 update
Expert Contributor 10th Mar, 2010 21:41
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@henryg ,

Just like @lelandhamilton , if you open Adobe Reader and go to the "help" tab ; in the drop down menu use :-

1)the "About Adobe Reader 9 .."" link and the "up to date" version will display version 9.3.1

2)the "about Adobe plug-ins..." link will show a list in the left pane , click on each and if your version is up to date the right pane will show all as being v 9.3.0.148 except for Forms which will show as AcroForm.api v 9.3.1.203.; this file is the one Secunia have said they use in their detection rules .

This is what shows for us both , but unlike @lelandhamilton my Technical details show as version 9.3.1.203 .

OSI had a detection rule problem yesterday , so if your check using 1) and 2) shows as the up to date version then there would seem to be a PSI detection rule problem.

You may wish to let Secunia know by email to support@secunia.com if Emil Petersen does not pick this up tomorrow .

Hope this helps
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
henryg RE: Abode Reader 9.31 update
Member 10th Mar, 2010 21:58
Score: 14
Posts: 11
User Since: 23rd May 2009
System Score: N/A
Location: N/A
Mine is the same!

Henry
Was this reply relevant?
+0
-0
This user no longer exists Status Update
Member 19th Mar, 2010 09:20
Last edited on 19th Mar, 2010 09:20 A temporary fix for this, is to do a local rescan of just this application. If it shows as secure after this can, you are all patched. The next full system scan will, however, show it as insecure again. This is a known issue, and we're working on it. Thank you all for your patience.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+