navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Secunia doesn't recognize patch, part II continued

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Acrobat 8.x

This thread has been marked as locked.
Sakerhet Secunia doesn't recognize patch, part II continued
Member 30th Aug, 2010 23:36
Ranking: 7
Posts: 7
User Since: 11th Jun, 2008
System Score: N/A
Location: SE
First of all, I feel embarrassed to admit I was not able to point at the reply button in my last thread.

Instead I locked the tread (this time for once I would have loved a second chance question "Are you sureÖ")!

This is what I would have replied if I had done it right:

Thank you Anthony (you are really fast with your answers) and Emil!

You are both pointing out the possibility that there is more than one copy of Acrobat.exe. So I just checked once more to be sure. It is the same installation path to the file for both the full scan and the rescan. But the full scan seems to think itís the old 8.1.7.59 version.

I can agree that there are some advantages by using version dependency rules so that users are not confused when they read the patched programs report. You prefer showing the "logical" version for the program.

But then again, when this bug occurs, when the full scan and the rescan are not consistent, and you read those weird version numbers you really get confused.

I hope that you will find a solution to the issue, it doesnít seem impossible to fix. On the other hand Acrobat 8 is old and the number of users will drop when they upgrade to those fancy new versions released.

Thank you again for your prompt answers, Anthony and Emil!

This user no longer exists RE: Secunia doesn't recognize patch, part II continued
Member 31st Aug, 2010 08:49
Hi,

If you need a thread unlocked, just drop us an email at support@secunia.com, and we'll get right on unlocking it. ;)

It is not necessarily Acrobat.exe that exists more than once (if that was the case, it would be detected twice), but could be Acrobat.dll. A copy of Acrobat.dll in a backup folder (or similar) could cause the PSI to get it's version information from that file.

We don't use version dependency rules merely to provide the logical version number. In fact, Adobe usually fails to update the version numbers on the main executables, so it's usually a race to find the one file where the information was actually updated. It is certaintly not impossible to fix, and in fact, I would suggest keeping a close eye on the forum the next couple of days.

hope this helps.
Was this reply relevant?
+0
-0
Anthony Wells RE: Secunia doesn't recognize patch, part II continued
Expert Contributor 31st Aug, 2010 18:43
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 31st Aug, 2010 18:50
Hello again Sakerhet :)

In your first thread you said this :-

""""When I run a full scan Secunia recognize Acrobat.exe as version 8.1.7.59.

Windows 7 (X64) states in the file options tab the version is 8.2.3.231. But when Secunia runs a "rescan" for just that single file it is recognized as safe and the version is claimed to be 8.2.4.268. """"

It still seems strange that Secunia is showing the 8.1.7.59 version (correctly) in the insecure tab and not the 8.2.3.231 .exe file which should match the 8.2.4.268 .dll file .

Just to confirm that you only have one instance of Acrobat in a full scan by the PSI in the "insecure" tab and nothing displayed in the "patched" tab ??

Did you update 8.1.7.xx to 8.2 3.xx and then patch to 8.2.4.xx ??

Can you find the 8.1.7.xx .exe file in the same folder where you found/moused/optioned the 8.2.3.xx .exe file ??

What is the "installation path" ?? Does it lead to the same folder and file if you use the "open folder" icon in the "toolbox" of the programme expanded page from within the "insecure" tab ??

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Sakerhet RE: Secunia doesn't recognize patch, part II continued
Member 31st Aug, 2010 23:16
Score: 7
Posts: 7
User Since: 11th Jun 2008
System Score: N/A
Location: SE
Hello Anthony,

Thank you for your efforts to help.

There is only one instance of Acrobat and itís in the insecure tab after a full scan and then it moves to the patched tab after I run a re-scan. The path is the same. I can see no renamed version of acrobat dll/exe in the folder.

I guess Emil has something going on to clear the issue. It may be a flaw in Secunia or if there really is an old file hidden somewhere it would be a useful improvement if Secunia could log or show the path to and exact filename where the problem is found.

For now I am not too much worried that this is a security problem in my system. I will follow Emil suggestion and keep a close eye on the forum the next couple of days.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+