Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed?

A couple of weeks ago, we announce a new critical vulnerability in Adobe Acrobat or Reader 8.1.2 that allows remote code execution. Adobe released an update for it, Security Update 1. The update process was confusing for lot of people, and after completing it,  it was not clear how to check if the update had been properly installed, as it still says version 8.1.2  almost everywhere.

There are different ways to check it is installed. Thanks Erick (from Adobe). Please, scroll to the bottom of the Release Notes for instructions on Windows and Mac:

http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403742&sliceId=1

--
Raul Siles
www.raulsiles.com

Raul Siles

152 Posts
Could Erick from Adobe please pass on proper versioning procedure to the Adobe devs? Using the modify date of an API is not reliable nor industry standard.

Even Microsoft, who since Windows 95 has stopped advertising by true version, at least has a real version number buried in there.

Please, give us the tools to stay up to date!
Jason

4 Posts
*.API files are DLLs under the skin and Adobe uses proper Win32 versioning on them:

C:\>filever "C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api"
--a-- W32i DLL ENU 8.1.2.215 shp 4,124,771 06-07-2008 annots.api

Prior to SU1, the version string on annots.api was 8.1.0.something (I no longer have any machines running pre-SU1 to test - sorry). If you don't have filever in your Win32 toolkit, you should snag it. Filever -v can be very useful sometimes. Keep in mind that the versioning structures under Windows can be complicated - there are both numeric and string forms, and slopper developers don't always ensure that they match.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!