Forum Thread: Adobe Reader 8.1.4

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
bjm__ Adobe Reader 8.1.4
Member 22nd Mar, 2009 18:35
Ranking: 64
Posts: 374
User Since: 9th Mar, 2009
System Score: N/A
Location: US
Last edited on 22nd Mar, 2009 18:46

Good day to all,
Trying to understand why PSI scan has not reported Adobe has issued security update 8.1.4 for my Adobe Reader 8.1.3. Don't know if my PSI is functioning properly or if there is a time lag between when a vendor issues a patch/update and the info is updated in Secunia database. Anyone know how often Secunia updates their database? Anyone with Adobe Reader 8.1.3 receive 8.1.4 info from PSI scan? All comments welcome.
Respectfully submitted
bjm-
Please excuse duplicate post. Did not realize post to PSI would appear in last updated thread.

Maurice Joyce RE: Adobe Reader 8.1.4
Handling Contributor 22nd Mar, 2009 23:08
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Is this connected to this post which U have not responded to?
http://secunia.com/community/forum/thread/show/152...

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
bjm__ RE: Adobe Reader 8.1.4
Member 22nd Mar, 2009 23:52
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
Last edited on 22nd Mar, 2009 23:54
Maurice,
No that post is by bjrn on 17th Mar, 2009 10:10
My user name is bjm-
Respectfully submitted
bjm-
Underlien RE: Adobe Reader 8.1.4
Member 23rd Mar, 2009 11:28
Score: 0
Posts: 95
User Since: 4th Dec 2008
System Score: N/A
Location: DK
According to Adobe's website 8.1.3 is the "newest" version (9.1 is ofc newer)

I don't see an Adobe Reader v8.1.4 anywhere.



Underlien
Maurice Joyce RE: Adobe Reader 8.1.4
Handling Contributor 23rd Mar, 2009 16:21
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
A typical Adobe muddle. Their main download site indicates that the latest version of 8 is 8.13.

They issued a patch on 18th March - version 8.14 - but have not updated the site!

Details of version 8.14 are here:

http://www.adobe.com/support/security/bulletins/ap...

That said the latest secure version of Adobe Reader is version 9 - the link is here:

http://get.adobe.com/uk/reader/

If U only use the Adobe Reader in a basic role to read PDF attachments to emails & web pages why not dump the Adobe 41.1MB of bloat and try the 4MB Foxit Reader.

The link is here:
http://www.foxitsoftware.com/pdf/reader/

If U do decide to switch I advise U remove these 3 items via Add/Remove

Adobe Reader version xxxxx
Adobe AIR
Acrobat.com

You may also wish to see this thread about Adobe AIR.

http://secunia.com/community/forum/thread/show/156...

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
bjm__ RE: Adobe Reader 8.1.4
Member 23rd Mar, 2009 17:23
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
Underlien
Look harder you'll find it
Respectfully submitted
bjm-
Still wanting to know why PSI did not inform me of vendor security update 8.1.4 for all Adobe Reader 8.0.0
bjm__ RE: Adobe Reader 8.1.4
Member 23rd Mar, 2009 17:55
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
Maurice
Thank you for your detailed post.
Adobe has updated their site, that's how I knew Adobe had issued a security update for Reader 8.1.3. I have 8.1.3. It serves my needs and it is now secure with the update 8.1.4 ~ Just because Adobe releases a higher version number that doesn't mean it's secure. Adobe Reader 9 was released and required the security patch 9.1 shortly after its release. Adobe supports older versions of Reader. No one that uses Adobe Reader needs to install the next higher number 7 to 8 to 9 just because Adobe puts it out. I agree Foxit Reader is lighter and will serve the needs of most users. Foxit Reader is not immune to security vulnerabilities and requires patching just like Adobe Reader.
Please permit me to return the thread back to my original issue. Why PSI did not notify me to patch Adobe Reader 8.1.3 with 8.1.4. Trying to determine if my PSI is functioning or if the Secunia database has not been updated yet. I know the Secunia database has been updated to patch Adobe Reader 9 to 9.1. I wish to know why PSI did not advise me to patch Adobe Reader 8.1.3 to 8.1.4. I thought PSI was supposed to forgo the need for me to find security updates. Isn't that what PSI is supposed to do?
Respectfully submitted
bjm-
hansbjorn RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 09:09
Score: 0
Posts: 3
User Since: 25th Mar 2009
System Score: N/A
Location: N/A
on 22nd Mar, 2009 18:35, bjm__ wrote:
Good day to all,
Trying to understand why PSI scan has not reported Adobe has issued security update 8.1.4 for my Adobe Reader 8.1.3. Don't know if my PSI is functioning properly or if there is a time lag between when a vendor issues a patch/update and the info is updated in Secunia database. Anyone know how often Secunia updates their database? Anyone with Adobe Reader 8.1.3 receive 8.1.4 info from PSI scan? All comments welcome.
Respectfully submitted
bjm-
Please excuse duplicate post. Did not realize post to PSI would appear in last updated thread.

hansbjorn RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 09:09
Score: 0
Posts: 3
User Since: 25th Mar 2009
System Score: N/A
Location: N/A
on 22nd Mar, 2009 23:08, Maurice Joyce wrote:
Is this connected to this post which U have not responded to?
http://secunia.com/community/forum/thread/show/152...
This user no longer exists RE: Adobe Reader 8.1.4
Secunia Official 25th Mar, 2009 14:53
Hi

We have updated the Adobe Reader detection rule so now the PSI should tell you to update to the correct version 8.1.4 or 7.1.1.

Please note that these updates require the version just before it, 8.1.3 and 7.1.0.

We have provided some extra installation notes on these 2 entries.

--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal

bjm__ RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 16:34
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
to hansbjorn,
that post is not from me...not my user name...thanks for asking though
Respectfully submitted
bjm-
bjm__ RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 16:47
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
to M. Hansen,
Thanks for the info. Was the detection rule not updated due to a bug or just an oversight? What is the time lag between when a vendor issues a security patch/update and the detection rule is updated? I was confused because Adobe Reader 9 detection rule was updated for 9.1 and 8.1.3 was not updated for 8.1.4. Bug, Oversight or Normal Time Lag?
Helpful to know why the detection rule had not been updated for future reference.
Respectfully submitted
bjm-
klugherz RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 18:41
Score: 0
Posts: 2
User Since: 1st Apr 2008
System Score: N/A
Location: N/A
I have Adobe Acrobat (not Reader) installed on both my desktop and laptop computers, and recently updated them to version 8.1.4. Secunia PSI still detects them as version 8.1.3.187. What's going on?
bjm__ RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 20:33
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
to klugherz,
Have you rebooted and rescanned? I read that suggestion in similar posts where version did not change after update. Adobe site even states to reboot after update to clean out old files.
Respectfully submitted,
bjm-
Quitch RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 22:09
Score: 5
Posts: 53
User Since: 17th Apr 2008
System Score: N/A
Location: UK
on 23rd Mar, 2009 17:55, bjm__ wrote:
Maurice
Thank you for your detailed post.
Adobe has updated their site, that's how I knew Adobe had issued a security update for Reader 8.1.3. I have 8.1.3. It serves my needs and it is now secure with the update 8.1.4 ~ Just because Adobe releases a higher version number that doesn't mean it's secure.


However 9.1 was released long before 8.1.4, and I suspect it's a pattern which will be repeated in the future. Plus version 9 is a fair bit nippier than 8.
hansbjorn RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 23:05
Score: 0
Posts: 3
User Since: 25th Mar 2009
System Score: N/A
Location: N/A
on 22nd Mar, 2009 18:35, bjm__ wrote:
Good day to all,
Trying to understand why PSI scan has not reported Adobe has issued security update 8.1.4 for my Adobe Reader 8.1.3. Don't know if my PSI is functioning properly or if there is a time lag between when a vendor issues a patch/update and the info is updated in Secunia database. Anyone know how often Secunia updates their database? Anyone with Adobe Reader 8.1.3 receive 8.1.4 info from PSI scan? All comments welcome.
Respectfully submitted
bjm-
Please excuse duplicate post. Did not realize post to PSI would appear in last updated thread.

klugherz RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 23:15
Score: 0
Posts: 2
User Since: 1st Apr 2008
System Score: N/A
Location: N/A
Last edited on 25th Mar, 2009 23:56
to bjm
Yes, I tried rebooting and rescanning before I posted my comment. Does anyone know what file Secunia looks at to determine whether the software is up-to-date? It can't be Acrobat.exe because that file still says version is 8.1.0.137. OTOH, Acrodist.exe and Acrotray.exe are both still 8.1.3.187, which is what Secunia PSI claims the version is. But the version number in About Adobe Acrobat is 8.1.4 and Acrobat.dll is version 8.1.4.200. Is it possible Secunia PSI is looking at the wrong file?
bjm__ RE: Adobe Reader 8.1.4
Member 25th Mar, 2009 23:54
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
to Quitch,
thanks for your post. The release date for Adobe Reader 7, 8 and 9 Security Update was March 18th. I viewed the info at Adobe.com for 7, 8 and 9 the day it was posted on the site. I refer you to earlier post in this thread from M. Hansen. I believe the release from Adobe was on the same day. However, the detection rules were not all updated at the same time from Secunia. That's what I understood from M. Hansen post.
Respectfully submitted,
bjm-
bjm__ RE: Adobe Reader 8.1.4
Member 26th Mar, 2009 00:01
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
on 25th Mar, 2009 23:15, klugherz wrote:
to bjm
Yes, I tried rebooting and rescanning before I posted my comment. Does anyone know what file Secunia looks at to determine whether the software is up-to-date? It can't be Acrobat.exe because that file still says version is 8.1.0.137. OTOH, Acrodist.exe and Acrotray.exe are both still 8.1.3.187, which is what Secunia PSI claims the version is. But the version number in About Adobe Acrobat is 8.1.4 and Acrobat.dll is version 8.1.4.200. Is it possible Secunia PSI is looking at the wrong file?

If no help from Community, try email to Secunia, maybe a Secunia Official will chime in.
Good Luck
bjm-
Kurosh RE: Adobe Reader 8.1.4
Member 30th Mar, 2009 20:06
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
on 26th Mar, 2009 00:01, bjm__ wrote:
If no help from Community, try email to Secunia, maybe a Secunia Official will chime in.
Good Luck
bjm-


Hi All,

This is a known issue:

(unknown source)
Hi
Thank you for contacting Secunia Support

We are aware of the problem, and we will fix it shortly.

The problem is the updated file does not include the .exe file which we normally use to detect the file version.


--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal...
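The detection problem discussed in the posts above, as an added example that is not part of the thread and is not Secunia's code: a scanner that reads the version from an executable the patch did not replace keeps reporting the old version, while a rule that also covers the updated DLL does not. The `Rule` structure and the choice of files in each rule are assumptions; the file versions are the ones klugherz reported.

```python
from dataclasses import dataclass

def parse_version(text):
    """'8.1.4.200' -> (8, 1, 4, 200). Tuples compare numerically, so
    8.1.10 sorts after 8.1.4 (a plain string comparison gets that wrong)."""
    return tuple(int(part) for part in text.strip().split("."))

@dataclass(frozen=True)
class Rule:
    """Hypothetical detection rule; not Secunia's actual rule format."""
    files: tuple        # files whose version resource is read
    secure_from: tuple  # lowest version treated as patched

def detect(rule, inventory):
    """Return (version, source_file, patched) for one installation.

    inventory maps file name -> version string. The highest version among
    the rule's files that exist is taken as the installed version.
    """
    seen = [(parse_version(inventory[name]), name)
            for name in rule.files if name in inventory]
    if not seen:
        return None, None, False
    version, source = max(seen)
    return version, source, version >= rule.secure_from

# Constructed inventory: the file versions klugherz reported after updating
# Acrobat 8 to 8.1.4 (About box said 8.1.4, PSI said 8.1.3.187).
ACROBAT_PATCHED = {
    "Acrobat.exe": "8.1.0.137",
    "Acrodist.exe": "8.1.3.187",
    "Acrotray.exe": "8.1.3.187",
    "Acrobat.dll": "8.1.4.200",
}

SECURE_FROM = parse_version("8.1.4")
# Assumption: a rule keyed only on an executable the patch left untouched.
EXE_ONLY = Rule(files=("Acrotray.exe",), secure_from=SECURE_FROM)
# The same rule widened to include the DLL that shows the new version.
WITH_DLL = Rule(files=("Acrotray.exe", "Acrobat.dll"), secure_from=SECURE_FROM)

if __name__ == "__main__":
    for label, rule in (("exe only", EXE_ONLY), ("exe + dll", WITH_DLL)):
        version, source, patched = detect(rule, ACROBAT_PATCHED)
        shown = ".".join(map(str, version))
        print(f"{label:10} -> {shown} from {source}: "
              f"{'patched' if patched else 'INSECURE (false positive)'}")
```

Taking the highest version assumes one updated component means the whole patch was applied; a stricter rule would check every file the patch ships.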
jmillar RE: Adobe Reader 8.1.4 and 8.1.5: false positives or real danger?
Member 14th May, 2009 16:55
Score: 0
Posts: 2
User Since: 13th May 2009
System Score: N/A
Location: N/A
PSI is an excellent and extremely useful application, but it still has its rough edges:

I have uninstalled old Adobe Reader, marked as 'dangerous', and have made a clean reinstall of 8.1.3, followed by patches 8.1.4 and 8.1.5 and rebooted as the Adobe webpage instructs. Adobe Reader comes up and reports "Version 8.1.5",

But PSI keeps looking at the AcroRd32.exe file which does not seem to be changed by the 814 and 815 patches, and it keeps warning the user.

It's probably minor, but it's certainly unsettling, especially in these times of pervasive exploits in MANY popular applications.

Secunia should take a closer look at the intricacies of the patching process so that PSI looks for the right file to base its report on! I think there must be a LOT of false positives showing up right now.
(Still better than 'false negatives', though)

I have the same problem with "Real Player". When upgrading from Version 10.5 to version 11 the "realplay.exe" file remained the same, and PSI keeps telling me I have a dangerous vulnerability in 10.5. Do I really?
My player reports a safe build of Version 11. Who should I believe?

Does the answer I quote below apply to my Adobe and Real Player?

on 30th Mar, 2009 20:06, Kurosh wrote:
Hi All,

This is a known issue:

(unknown source)
Hi
Thank you for contacting Secunia Support

We are aware of the problem, and we will fix it shortly.

The problem is the updated file does not include the .exe file which we normally use to detect the file version.


--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal...
Alan_Baxter RE: Adobe Reader 8.1.4
Member 14th May, 2009 18:39
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
Last edited on 15th May, 2009 19:12
Yes, it can be a bit confusing. I just ran a new scan on my system which has Adobe Reader 8.1.5, updated a day or two ago from 8.1.4 using Adobe Reader Check for Updates. PSI reports that my Adobe Reader 8.x installation is patched, which is correct. PSI reports I have 8.1.4.200, which is incorrect. PSI then goes on to give instructions on how to update to 8.1.5. Me thinks PSI is a bit confused. But that happens sometimes with PSI, so I'm not worried. I'm sure the Secunia team will get it sorted out in good time.

Edit: That's odd. Even though PSI completed the full scan and reported that all programs were patched, it still claims the last full scan was done six days ago. It also doesn't seem to know about any of the program updates I've done in the past week. I've exited PSI and restarted it twice. Ran another full scan and got the same result with no error messages. Hmm. I did an update from IE7 to IE8 three days ago. IE8 had some unfortunate side effects on the performance of my system, so I uninstalled shortly thereafter. I wonder if this is another problem caused by that install. I've verified that https://psi.secunia.com is still a trusted site, according to the latest PSI setup instructions. The trusted site security level is still set at the default, Medium.

Edit 2: XPSP3 here. I did a system restore from the restore point previous to the IE8 install, updated Adobe Reader again to 1.8.5, and scanned with PSI. The scan worked this time and PSI sees Adobe Reader 8.1.5.231 now. All is well.
bjm__ RE: Adobe Reader 8.1.4
Member 28th Jul, 2009 19:45
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
Last edited on 28th Jul, 2009 19:48
All inquiries as to whether this post is related to that post...
please note user is not the same

I am bjm- not bjrn

Regards
bjm-
Handries RE: Adobe Reader 8.1.4
Member 28th Jul, 2009 23:31
Score: 1
Posts: 3
User Since: 9th Apr 2008
System Score: N/A
Location: CA
Last edited on 28th Jul, 2009 23:45
Yes, I agree with Maurice Joyce above, regarding the Foxit Reader, as I have been a very satisfied user of it for quite some time now.
It's fast and there's no problem with getting updates as the program will automatically notify the user with a pop-up window when one is available.
bjm__ RE: Adobe Reader 8.1.4
Member 29th Jul, 2009 02:09
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
Hi Adobe Reader thread,

Long time loyal Adobe Reader user has jumped ship with the help of this Forum to Foxit Reader. I disabled (for now) all Adobe Reader IE add-ons and Reader FF plugins. Foxit Reader has another convert.

Regards
bjm-
eSKzHvZreJxktYLUd4jN1oy... RE: Adobe Reader 8.1.4
Member 17th Aug, 2009 15:10
Score: -1
Posts: 82
User Since: 7th Dec 2009
System Score: N/A
Location: N/A
I would do like bjm- :-)

Quote from http://www.sans.org/newsletters/newsbites/newsbite...

"[Editor's Note (Northcutt): I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit the use of Adobe products whenever you can. ]"

Fortunately there are lots of other free PDF-readers like Foxit Reader, Sumatra PDF etc.

http://www.foxitsoftware.com/pdf/reader
http://blog.kowalczyk.info/software/sumatrapdf/ind...
http://pdfreaders.org/
