navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Secunia PSI fails at Patching Adobe Reader

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Reader 9.x

This thread has been marked as locked.
czer28 Secunia PSI fails at Patching Adobe Reader
Member 7th Jun, 2010 17:24
Ranking: 0
Posts: 3
User Since: 7th Jun, 2010
System Score: N/A
Location: DE
I had installed Adobe Reader 9.3.0. Secunia PSI says me, there is an unpatched
vulnerability and offers the Windows Installer Patch AdbeRdrUpd932_all_incr.msp.

This is an error. For the incremental patch to 9.3.2 I must have installed the Adobe Reader 9.3.1, not 9.3.0.

I have manually updated to Adobe Reader 9.3.2 and made a new PSI-Scan.

But Secunia PSI does not recognize the new version 9.3.2 and says further on
"unpatched vulnerability".

What can I do?

TiMow RE: Secunia PSI fails at Patching Adobe Reader
Dedicated Contributor 7th Jun, 2010 18:08
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 7th Jun, 2010 18:13
You may well have a PSI reporting error, but (as of time of writing), whatever you may do, will not currently remove the vulnerability with Adobe Reader, as there is a standing Secunia Advisory, with no solution (but a workaround, suggested; - you should follow the advice under sub-heading "Solution" (part way down)).

Please see:

http://secunia.com/advisories/40034/

The workaround, should (hopefully) make you more secure, but Reader will still be flagged by PSI until a full vendor patch is issued.

@Anthony Wells (a forum contributor) offered the following advice on a similar thread:

Quote: " ..... I have renamed the Adobe Reader "authplay.dll" by adding "_old"." Unquote

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0
Anthony Wells RE: Secunia PSI fails at Patching Adobe Reader
Expert Contributor 7th Jun, 2010 18:22
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 7th Jun, 2010 18:23

@czer28 ,

To be clear , Adobe Raeder 9.x shows as version 9.3.2.163 in the "patched" tab of PSI (when using PSI in "advanced" mode) . This is the latest "patched" version .

It will also show in the "secure browsing" tab as "insecure , no solution" because of SA40034 (click on the link in PSI or TiMow's post above , to read more) .

The "solution" to the "authplay.dll is a workaround and will not be read by PSI .

Hope that is clear , if not ask .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
gjjean RE: Secunia PSI fails at Patching Adobe Reader
Contributor 8th Jun, 2010 10:30
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
@czer28

After the recommendations from Timow & Anthony Wells and
If you want to read a brief description about this security, then go to:

http://blogs.adobe.com/psirt/2010/06/security_advi...

Then consider visiting the following site for more details and a workaround:

http://www.adobe.com/support/security/advisories/a...

If you don’t want to stick with Adobe Reader, then you can choose an alternative for.

Good luck.


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+1
-0
czer28 RE: Secunia PSI fails at Patching Adobe Reader
Member 8th Jun, 2010 14:34
Score: 0
Posts: 3
User Since: 7th Jun 2010
System Score: N/A
Location: DE
@TiMow, Anthony Wells and gijean
Many thanks for your helpful returns!
I will rename authplay.dll, this is the easiest way of help.

Now I understand, Adobe Reader 9.3.2 has the same vulnerability as Adobe Reader 9.3.0. But why offers Secunia 9.3.2 as patch for 9.x? "In the moment no patch available" would be the better answer. And why an incremental patch, when it is suitable only for 9.3.1?

Letīs hope, on 29.6.2010 the Adobe Reader is secure again!
Was this reply relevant?
+0
-0
Anthony Wells RE: Secunia PSI fails at Patching Adobe Reader
Expert Contributor 8th Jun, 2010 15:42
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@czer28 ,

Both Adobe Reader versions 9.3.0. and 9.3.1. are now "insecure" and can be patched ; they will currently display in the "insecure" tab of PSi . When you had 9.3.0. (just before you posted) it should have been displayed there because there is a patch to 9.3.1.

Version 9.3.1. would still/also show in "insecure" as there is a patch to 9.3.2.

The current "solution" to 9.3.0. is to update to 9.3.2. :ie: the latest patched version ; I seem to remember that PSI used to advise - in the expanded page of the programme (click on the [+] link at the left end) that the updates are incremental .

Updating to 9.3.1. is not a solution in itself and so cannot be offered as the solution .

Secunia/PSI offers the source of the solution ; sometimes it is complicated and so you need to be sure what you are downloading , as obviously you do/did ;))

The latest unpatched vulnerability applies to all 9.x versions of Reader ; so the current workaround is suggested in the Secunia Advisory and the Adobe pages John has provided links to in his post .

If you have any other queries please ask .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
czer28 RE: Secunia PSI fails at Patching Adobe Reader
Member 8th Jun, 2010 15:50
Score: 0
Posts: 3
User Since: 7th Jun 2010
System Score: N/A
Location: DE
Many thanks again, Anthony!
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+