Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSE 7.x still shown as insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Photoshop Elements 7.x

This thread has been marked as locked.
muellev PSE 7.x still shown as insecure
Member 25th Dec, 2010 11:52
Ranking: 0
Posts: 3
User Since: 25th Dec, 2010
System Score: N/A
Location: DE
Hello,

I have exactly the same problem as written in the (already closed) thread opened in October by Runkelruebe.

After applying the Adobe patch, my registry shows 7.0.0.3, in Windows Explorer Info tab
- Photoshop Elements 7.0.exe has version no 7.0.0.0
- elm.dll has no version number

And still Secunia PSI still marks the program as insecure.

What shall we do? I'd appreciate if this thread would not be closed without any reply.

Kind regards,
muellev

thedillpickl RE: PSE 7.x still shown as insecure
Contributor 27th Dec, 2010 04:10
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi muellev;

Welcome to the Secunia forum.

In PSI, what is/are the version number(s) reported as insecure?


Regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
muellev RE: PSE 7.x still shown as insecure
Member 27th Dec, 2010 20:28
Score: 0
Posts: 3
User Since: 25th Dec 2010
System Score: N/A
Location: DE
Hi Fred, All,

Thanks for the warm welcome ... during the cold days we currently have in Germany ;-).

PSI reports the "detected" version 7.0.0.0 as insecure - although I ran the update and the exe and dll have the version numbers I mentioned above.

I am using PSI 2.0 on Win7.

Kind regards,
Volker

Was this reply relevant?
+0
-0
thedillpickl RE: PSE 7.x still shown as insecure
Contributor 28th Dec, 2010 02:37
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Last edited on 28th Dec, 2010 02:37
Hi Volker;

I found this on the forum: http://secunia.com/community/forum/thread/show/688...

I believe the problem is that the version of the file Secunia is 'looking' at did not change even though the program was updated. I will ask an expert on Adobe problems to look at this thread.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+2
-0
Maurice Joyce RE: PSE 7.x still shown as insecure
Handling Contributor 29th Dec, 2010 23:49
Score: 11565
Posts: 8,887
User Since: 4th Jan 2009
System Score: N/A
Location: UK
This problem has a fairly lengthy history.

On contact,Adobe support appear more interested in version 9 which I found helpful!

Adobe claim they have fixed the file renaming which appears to have started this problem.

These threads are worth looking at as they give details from Secunia Support & Adobe Support U which some of U may not have seen.

http://secunia.com/community/forum/thread/show/597...


http://secunia.com/community/forum/thread/show/571...


I personally would work on Adobe update - if U have fully updated I think it is fair to assume this is a "false positive" created once again by Adobe failing to get their act together with file renaming.

I would leave this thread open - I will ask Secunia Support to take a look & confirm (if possible) that my advice to ignore it is correct.









--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+5
-0
thedillpickl RE: PSE 7.x still shown as insecure
Contributor 30th Dec, 2010 00:56
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Thank you Maurice!

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
Maurice Joyce RE: PSE 7.x still shown as insecure
Handling Contributor 30th Dec, 2010 17:31
Score: 11565
Posts: 8,887
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 31st Dec, 2010 00:20
Secunia Support have informed me they will look &, if necessary, comment on this thread in the New Year.







--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
This user no longer exists RE: PSE 7.x still shown as insecure
Member 3rd Jan, 2011 15:21
Hi,

I added Adobe's update instructions for this product to our rules, so if you double-click the program and select "Extra Information / Known Issue" you will be able to see these instructions.

Please confirm that: The problem in this case is that even after applying the patch, the file version information is not properly updated.
Is this the case?

If so, could I ask users with this program installed to look for a file with the version information of 7.0.3? If you can find such a file, please submit a software suggestion for it, and add "PSE Attn. Emil" in the comment field.

Hope this helps.
Was this reply relevant?
+0
-0
xformer RE: PSE 7.x still shown as insecure
Member 3rd Jan, 2011 15:49
Score: 0
Posts: 11
User Since: 7th Dec 2008
System Score: N/A
Location: DE
on 3rd Jan, 2011 15:21, wrote:
Hi,
Please confirm that: The problem in this case is that even after applying the patch, the file version information is not properly updated.
Is this the case?


Yes, exactly this is the case.

However, as mentioned before multiple times there is no file that has it's version information changed to 7.0.0.3. The only way to find out wether the patch is applied is either to calculate a hash of the file that is changed or to look into the installed programs list.

This was already explained here (http://secunia.com/community/forum/thread/show/597...):

(unknown source)

...and the only place the fix will be recorded is inside the registry editor where the PSE version will change from 7.0 to 7.0.0.3 at following hive:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uni nstall\{CB6075.....}



Regards,
Frank
Was this reply relevant?
+0
-0
This user no longer exists RE: PSE 7.x still shown as insecure
Member 5th Jan, 2011 12:50
Hi,

Having tested this I am afraid I have been unable to reproduce the scenario you describe.

These are the steps I took:
1) Installed Adobe Photoshop Elements 7.x - shown by PSI as insecure and version 7.0.0.0
2) Downloaded and extracted the patch: http://download.adobe.com/pub/adobe/premiereel/win...
3) Ran the Patcher.exe file found within

When I did this, the PSI promptly recognized that a patch had been installed. Is this not the case for you?

If so, what is the version number of the ems.dll file, which should be located at C:\Program Files\Adobe\Photoshop Elements 7.0\ems.dll (Program Files(x86)\ for 64-bit systems)? While the file we detect hasn't had it's information updated, this is the file we use to extract the version number.

Have you tried rebooting after applying the patch?
Was this reply relevant?
+0
-0
xformer RE: PSE 7.x still shown as insecure
Member 5th Jan, 2011 21:11
Score: 0
Posts: 11
User Since: 7th Dec 2008
System Score: N/A
Location: DE
(unknown source)

When I did this, the PSI promptly recognized that a patch had been installed. Is this not the case for you?


No.

(unknown source)

If so, what is the version number of the ems.dll file, which should be located at C:\Program Files\Adobe\Photoshop Elements 7.0\ems.dll (Program Files(x86)\ for 64-bit systems)? While the file we detect hasn't had it's information updated, this is the file we use to extract the version number.


This file does not have any version information in it. The version information is empty.

(unknown source)

Have you tried rebooting after applying the patch?


Of course, quite often.

(unknown source)

Having tested this I am afraid I have been unable to reproduce the scenario you describe.


Did you try to reproduce this on a 32 bit Windows? My machine runs a 32 bit Windows 7.


Regards,
Frank
Was this reply relevant?
+0
-0
xformer RE: PSE 7.x still shown as insecure
Member 5th Jan, 2011 21:41
Score: 0
Posts: 11
User Since: 7th Dec 2008
System Score: N/A
Location: DE
Hello, Emil,

just a thought. I didn't patch PSE with the patcher program but with the built-in Adobe Updater under "Help/Updates". Maybe you should try this way and see what happens then. The Adobe Updater also updates the program to V7.0.0.3.


Regards,
Frank
Was this reply relevant?
+0
-0
muellev RE: PSE 7.x still shown as insecure
Member 5th Jan, 2011 22:30
Score: 0
Posts: 3
User Since: 25th Dec 2010
System Score: N/A
Location: DE
Emil,

First: thanks for taking care of this!

Same reaction for me as for Frank/xformer when running the patch - also after rebooting.

One additional thought: it seems that the names of those who observe the problem always sound German. Maybe it is a localization issue.

At least for me, I run the German version of PSE 7.

What about others who observe this problem?

Best wishes,
Volker
Was this reply relevant?
+0
-0
This user no longer exists RE: PSE 7.x still shown as insecure
Member 6th Jan, 2011 15:04
Hi,

Unfortunately I have not been able to reproduce this issue using either the build-in installer or the Patcher from Adobe.

For anyone still experiencing this issue, are you using a localized version?

If you have been using the internal updater, I recommend using the Download Solution link from the PSI and trying the 'Patcher.exe' program contained within.

Hope this helps.
Was this reply relevant?
+0
-0
xformer RE: PSE 7.x still shown as insecure
Member 6th Jan, 2011 16:47
Score: 0
Posts: 11
User Since: 7th Dec 2008
System Score: N/A
Location: DE
Last edited on 6th Jan, 2011 16:48
on 6th Jan, 2011 15:04, wrote:

Hi,
For anyone still experiencing this issue, are you using a localized version?


Yes!!!!

on 6th Jan, 2011 15:04, wrote:

If you have been using the internal updater, I recommend using the Download Solution link from the PSI and trying the 'Patcher.exe' program contained within.

This is exactly what I and I guess the others have done! This is what the PSI recommends. However, when you run the patcher on an already patched PSE it just says "The program is up-to-date". That's it.

I think it is very intertesting that only users of the German version of PSE 7 seem to have this problem. I have a German Windows 7 with a German PSE 7, as well. Perhaps there is something different between the German and the English version.


Regards,
Frank
Was this reply relevant?
+0
-0
This user no longer exists RE: PSE 7.x still shown as insecure
Member 7th Jan, 2011 13:30
Last edited on 7th Jan, 2011 13:30 Hi,

I am afraid that means that the conclusion is that there is nothing we can do to solve this problem.
Secunia relies on file information put there by the vendor, and without this information the PSI cannot (currently!) distinquish between a patched and insecure version.

I suggest you contact the vendor to notify them of this bug, which in this case is Adobe..

However, you can monitor alerts for PSE 7.x on this page:
http://secunia.com/advisories/product/20061/?task=...

If a new advisory is issued, you will be able to see it on this page.

I'm sorry that we could not provide a more adequate solution.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability