Forum Thread: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Acrobat X 10.x

This thread has been marked as resolved.
jmorlan Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 24th Apr, 2011 07:33
Ranking: 4
Posts: 12
User Since: 26th Nov, 2008
System Score: N/A
Location: US
Secunia is reporting my updated and current Acrobat X 10.0.3 installation as 10.0.1. It is looking at acrobat.exe which is 10.0.1 but the 10.0.3 is merely an updated flash. It is not reflected in acrobat.exe.

Furthermore the fix download updates to 10.0.2 which is not the current version.

Post "RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure" has been selected as an answer.
Freebyrdwil RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 24th Apr, 2011 14:51
Score: 3
Posts: 8
User Since: 11th Nov 2009
System Score: N/A
Location: N/A
Same Situation,
See my previous post,
Secunia, help please.
Freebyrdwil
Was this reply relevant?
+2
-0
Anthony Wells RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Expert Contributor 24th Apr, 2011 16:43
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 24th Apr, 2011 17:04
Hi ,

Secunia do not work on the PSI at weekends .

Past history shows that Adobe updates where the .exe or .dll files Secunia use for their detection rules were not updated causes some delays for the PSI to record the update . A Flash update tends to be centred on the "authplay.dll" file .

In addition Acrobat normally takes longer to update than the free Reader alone .

Both Secunia and Adobe consider that if your programme's "About" says you have the latest "security" patched/updated version then you are on that version and "secure" .

The PSI will only offer the update to the latest secure version and not to any subsequent bug or eye candy fixed version .

You will need to wait for Secunia to return on Tuesday for anything to change ; if nothing has happened by Wednesday and they have not picked up this thread you could email them at support@secunia.com .

Hope that is clear , if not ask again .

Anthony

EDIT:This SA43772 shows that 10.0.2 is the "latest" fully patched version :-

http://secunia.com/advisories/43772/

whilst 10.0.3 is only a partial fix according to SA44149 which was modified/dating from Friday the 22nd April :-

http://secunia.com/advisories/44149/

and will not yet have reached the PSI detection rules either !!


this is probably adding further complications as per :-

Solution
Update to version 9.4.4 or 10.0.3. Please note that according to Adobe, the Adobe Reader X Protected Mode prevents successful exploitation and due to this an update is not currently available for Adobe Reader X for Windows, but scheduled for June 14, 2011.
Further details available in Customer Area



--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+4
-0
jmorlan RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 25th Apr, 2011 02:41
Score: 4
Posts: 12
User Since: 26th Nov 2008
System Score: N/A
Location: US
Thanks. Secunia seems to be saying the 10.0.2 patch is secure but the 10.0.3 patch is not? Am I supposed to revert to 10.0.2 to be secure?
Was this reply relevant?
+0
-0
Anthony Wells RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Expert Contributor 25th Apr, 2011 13:21
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Apr, 2011 13:33
Hi ,

The patches are in sequence ; if you carefully read the SA's I have linked for you , you will see that 10.0.3 is a patch for 10.0.2 ; so that is the latest patch for Acrobat . Secunia will (hopefully) update the PSI detection rules and update link next week to reflect this .

The caveat is for the "Reader X Protected Mode " mitigation , where the 10.0.3 Acrobat patch is only a partial fix for the insecurity , as Adobe consider that the vulnerability is not exploitable in the protected mode and so the full Reader X patch is being made available only in June . The details are found here , scroll down for Acrobat/reader info :-

http://www.adobe.com/support/security/advisories/a...

If you have updated to 10.0.3 - confirmed by your Adobe programme's "About" - and the PSI is still reporting you with 10.0.1 and advising you to update to 10.0.2 , then what is the "detected instance pathway" of the insecure version (click the [+] to the lhs of the display) ?? Does it also display a secure version of 10.0.2 or 10.0.3 in the "scan Results" ??

Hope that is a little bit clearer .

Anthony


--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+0
-0
jmorlan RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 25th Apr, 2011 17:42
Score: 4
Posts: 12
User Since: 26th Nov 2008
System Score: N/A
Location: US
Thanks. As I thought I explained in the first message, "It is looking at acrobat.exe which is 10.0.1 but the 10.0.3 is merely an updated flash. It is not reflected in acrobat.exe. "

I've checked the path and that is all that Secunia is detecting in my Acrobat installation. I thought this was supposed to be fixed in 10.0.2, but it's still looking only at the installed acrobat.exe to get the version.

Sorry I still don't get that 10.0.3 is only a partial fix while 10.0.2 is secure. 10.0.3 is not available for the Windows version of Reader because of the sandboxing. It is only available as an "out of cycle" update for Acrobat and for the Mac version of Reader.
Was this reply relevant?
+1
-0
Anthony Wells RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Expert Contributor 25th Apr, 2011 18:17
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Apr, 2011 18:32
Hello again ,

As I said earlier , the PSI detection rules are not always what they might seem to be as they use different files for product detection and version detection and to detect certain types of updates :-

on 24th Apr, 2011 16:43, Anthony Wells wrote:
Hi ,

Past history shows that Adobe updates where the .exe or .dll files Secunia use for their detection rules were not updated causes some delays for the PSI to record the update . A Flash update tends to be centred on the "authplay.dll" file .

In addition Acrobat normally takes longer to update than the free Reader alone .



As the update to 10.0.2 dates back in the SA43772 to 22nd March :-

http://secunia.com/advisories/43772

I was wondering why the PSI was still detecting your 10.0.2/10.0.3 as 10.0.1 and was asking for you to post the specific and full details of the "detected instance" pathway and to confirm whether or not you had a display of an up to date 10.0.2 or 10.0.3 to be sure it is/was a rule problem rather than your assumptions EDIT: eg: the .exe file locates the product but frequently not the version . So , what is the pathway(s) ?? Do you have more than one instance of Acrobat ??

In the past Adobe within platform updates have been incremental ; did you go from 10.0.1 to 10.0.2 to 10.0.3 ??

As I read the Adobe advisory , the update to 10.0.3 appears to fix the problem in Acrobat X but is stated as "partial" by the Secunia Advisory 44149 as it does not fix Reader X which , as you say , relies on its "sandboxing" . I do not read that as meaning a "partial" Acrobat X fix , but it is confusing and I could be wrong .

Anthony

EDIT : the detection problem was seemingly fixed one month ago by Secunia as per this thread :-

http://secunia.com/community/forum/thread/show/790...

Have you rebooted and run a full scan since updating ??



--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+1
-0
jmorlan RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 25th Apr, 2011 21:44
Score: 4
Posts: 12
User Since: 26th Nov 2008
System Score: N/A
Location: US
Last edited on 25th Apr, 2011 22:14
Okay. I just did a rescan and here's the full report.

Program Name:
Adobe Acrobat X 10.x

Security State:
Insecure

Download Link:
http://ardownload.adobe.com/pub/adobe/acrobat/win/...

Instances Found:
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe, version: 10.0.1.434

Last System Scan (localtime):
25. Apr 2011, 12:37

Operating System:
Microsoft Windows 7,

---END---

The contents of this report may be helpful for users on the Secunia Community Forum if you would like their assistence in solving problems with specific programs.


As I pointed out, my installation reports as 10.0.3 (see title of thread). Note that at least one other user is reporting the exact same issue. Do you have Acrobat installed? How does Secunia report for you?

Edit: Forgot to answer your other question. Yes I did incremental updates going through 10.0.1, 10.0.2 and now 10.0.3.

I am aware that this issue was supposedly fixed a month ago. That fix appears to only work for 10.0.2. It does not appear to work for 10.0.3 which is the subject of this thread.

Thanks.
Was this reply relevant?
+1
-0
JackOliver RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 26th Apr, 2011 04:42
Score: 3
Posts: 3
User Since: 18th Sep 2010
System Score: N/A
Location: N/A
Last edited on 26th Apr, 2011 04:42
I have this same problem. When I select "About Acrobat" from within Acrobat, it lists version 10.0.3, but when I look at Acrobat in "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat", the file version/product version is 10.0.1.434.

When I check for updates, Acrobat says that it's up-to-date.
Was this reply relevant?
+1
-0
This user no longer exists RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 26th Apr, 2011 08:42
Hi,

As for the PSI showing 10.0.0.2 to be the latest secure version, this is correct. The PSI is a security patch checker, not a general updater.

And for the actual issue at hand. This is, as noted, a common issue with Adobe products: they fail to update the version number of files.

For this reason, it will be needed that a customer or user suggest us a file from the most recent release of Adobe Acrobat with the version number = to 10.0.0.3. Try looking around the Adobe Acrobat installation folder and see if you can find one. If you do, please suggest it to us and add "Adobe Acrobat Attn: Emil" to the comment field.

Was this reply relevant?
+0
-0
jmorlan RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 26th Apr, 2011 15:15
Score: 4
Posts: 12
User Since: 26th Nov 2008
System Score: N/A
Location: US
on 26th Apr, 2011 08:42, wrote:
Hi,

As for the PSI showing 10.0.0.2 to be the latest secure version, this is correct. The PSI is a security patch checker, not a general updater.

And for the actual issue at hand. This is, as noted, a common issue with Adobe products: they fail to update the version number of files.

For this reason, it will be needed that a customer or user suggest us a file from the most recent release of Adobe Acrobat with the version number = to 10.0.0.3. Try looking around the Adobe Acrobat installation folder and see if you can find one. If you do, please suggest it to us and add "Adobe Acrobat Attn: Emil" to the comment field.


The following file from my updated installation is dated 15 April 2011 and has a version number of 10.0.3.5

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

I don't see a "comment field" anywhere, so I'm not sure how to do what you ask.

Thanks.

Was this reply relevant?
+0
-0
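
The folder search requested above, as an added example that is not part of the original thread: it lists every versioned binary under the Acrobat install folder that is stamped newer than the main executable, which is how a file such as nppdf32.dll turns up as a better version anchor than Acrobat.exe. The script, its parameter names and the `Get-BinaryVersion` helper are illustrative; the default path is the one from the scan report in this thread, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0 or later.
param(
    # Folder from the scan report above; 64-bit Windows uses "Program Files (x86)".
    [string]$InstallDir = 'C:\Program Files\Adobe\Acrobat 10.0\Acrobat',
    [string]$MainExe    = 'Acrobat.exe'
)

# Hypothetical helper: turn a file's version resource into a comparable [version].
function Get-BinaryVersion {
    param([System.IO.FileInfo]$File)
    $vi = $File.VersionInfo
    # Build the version from the numeric resource fields; the FileVersion
    # string is free-form text and does not always parse.
    [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

# Every .exe/.dll under the install folder that carries a version resource.
$rows = Get-ChildItem -Path $InstallDir -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    Where-Object { $_.VersionInfo.FileVersion } |
    ForEach-Object {
        [pscustomobject]@{
            Version  = Get-BinaryVersion $_
            Modified = $_.LastWriteTime
            Path     = $_.FullName
        }
    }

# The file the scanner keyed on in this thread.
$main = $rows | Where-Object { (Split-Path $_.Path -Leaf) -eq $MainExe } | Select-Object -First 1
if (-not $main) { throw "No versioned $MainExe found under $InstallDir" }

"{0} reports {1}" -f $MainExe, $main.Version

# Files stamped newer than the main executable: these are the ones a patch
# actually re-versioned, so they are better anchors for version detection.
$rows | Where-Object { $_.Version -gt $main.Version } |
    Sort-Object Version -Descending |
    Format-Table Version, Modified, Path -AutoSize
```

An empty table means no binary in the folder carries a newer version stamp than the main executable, so file versions alone cannot distinguish the patch level.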
This user no longer exists RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 26th Apr, 2011 15:43
Hi,

Just send it in, I'll just tell my colleagues not to touch it. ;0

Thank you for helping.
Was this reply relevant?
+0
-0
jmorlan RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 26th Apr, 2011 20:24
Score: 4
Posts: 12
User Since: 26th Nov 2008
System Score: N/A
Location: US
on 26th Apr, 2011 15:43, wrote:
Hi,

Just send it in, I'll just tell my colleagues not to touch it. ;0

Thank you for helping.


Thanks, but I could not find a way to send an attachment via your web support form. There is no support email address listed on your contact page. Instead it is recommended to post here.

I tried sending the file as an attachment to support@secunia.com. Is that the right address?

Thanks.
Was this reply relevant?
+0
-0
Anthony Wells RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Expert Contributor 26th Apr, 2011 20:36
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 26th Apr, 2011 20:38
Hi ,

Emil wants you to use the "Are you missing a Program" link at the top(pish) right of the "Scan results" page where you can browse to and upload your file for him to use . You will find there is an "additional information" or comments field for you .

The email address was the correct one , but you may want to resend using the PSI link , to be sure , to be sure .

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+0
-0
jmorlan RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 26th Apr, 2011 20:53
Score: 4
Posts: 12
User Since: 26th Nov 2008
System Score: N/A
Location: US
Thanks. I had to add https://psi.secunia.com to the trusted zone in IE but it seemed to work after that.
Was this reply relevant?
+0
-0
lspotorno RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 26th Apr, 2011 23:26
Score: 0
Posts: 1
User Since: 26th Apr 2011
System Score: N/A
Location: IT
Hi,

maybe I'm wrong, but the problem could reside in the Acrobat Distiller version.

I have installed the latest patches and my Acrobat X version is 10.0.3; however, Acrobat Distiller version is still 10.0.1434.

Regards
-luca-
Was this reply relevant?
+0
-0
This user no longer exists RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 27th Apr, 2011 10:25
Hi,

With the help of user suggestions I modified our rules.

If you run a full rescan, the correct version should be detected.

Can anyone verify?
Was this reply relevant?
+0
-0
Freebyrdwil RE: Acrobat X 10.0.3 incorrectly reported as 10.0.1 insecure
Member 27th Apr, 2011 15:17
Score: 3
Posts: 8
User Since: 11th Nov 2009
System Score: N/A
Location: N/A
Confirmed,
Thank You So Much!
Freebyrdwil
Was this reply relevant?
+0
-0

This thread has been marked as locked.

