Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Wrong patch and/or false insecurity report

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Acrobat 9.x

This thread has been marked as locked.
dacker Wrong patch and/or false insecurity report
Member 19th Jan, 2011 19:35
Ranking: 0
Posts: 2
User Since: 19th Jan, 2011
System Score: N/A
Location: N/A
PSI reports that my installation of Acrobat Pro, version 9.3.0.148, is insecure and offers a solution.

After downloading the patch and executing the installer, Adobe's installer reports, "The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded is missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch."

* Clearly, the program is not missing
* Running Adobe's own updater reports there are no patches available

---START---

Program Name:
Adobe Acrobat 9.x

Security State:
Insecure

Download Link:
ftp://ftp.adobe.com/pub/adobe/acrobat/win/9.x/9.4....

Instances Found:
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe, version: 9.3.0.148
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.dll, version: 9.3.0.148

Last System Scan (localtime):
19. Jan 2011, 09:24

Operating System:
Microsoft Windows 7,

---END---

Thanks.

ddmarshall RE: Wrong patch and/or false insecurity report
Dedicated Contributor 19th Jan, 2011 20:48
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 19th Jan, 2011 21:07
You do need an update; 9.4.1 is the secure version.

I don't understand why the check for updates in Acrobat isn't finding anything. What version does it show in Help - About?

You could try bringing it up to date version by version using the updates here:
http://www.adobe.com/support/downloads/product.jsp...

Update:

The patch you have downloaded only applies to 9.3.3 or 9.3.4. If you have an earlier version, you will have to update to 9.3.3 first. After applying the patch you will be at 9.4.0 and will have to apply another update to get to 9.4.1.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+4
-0
dacker RE: Wrong patch and/or false insecurity report
Member 20th Jan, 2011 08:22
Score: 0
Posts: 2
User Since: 19th Jan 2011
System Score: N/A
Location: N/A
Last edited on 20th Jan, 2011 08:25
on 19th Jan, 2011 20:48, ddmarshall wrote:
You do need an update; 9.4.1 is the secure version.

I don't understand why the check for updates in Acrobat isn't finding anything. What version does it show in Help - About?
.
.
.
You could try bringing it up to date version by version using the updates here:
http://www.adobe.com/support/downloads/product.jsp...


My current installation is v9.3.1. I've been very diligent about any updates PSI and/or Adobe Updater have suggested. Since PSI has apparently suggested an update not applicable to my version, it sounds like that's at least part of the source of my error. Adobe Updater must share part of the blame as well for failing to tell me about updates.

As you suggested, I manually downloaded and installed the five updaters totaling 300+MB. Acrobat works just fine and PSI is happy as well.

It's odd how both Adobe Updater and PSI missed them all.

Thanks!
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability