Since Adobe Reader 9.3.1 came out, Secunia Personal Software Inspector has been reporting that I’m running a vulnerable version of Adobe Reader whenever a full scan is performed. When I select rescan, the detection goes away.
The detected file is C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe . But 9.3.1 didn’t update that file. Adobe unfortunately only updates a file version when they change a file, so you can only look at add/remove programs or find the specific file that changed.
I searched on the Secunia Community forum and found a relevant thread. A “Secunia Official” says”
“This is a know (sic) bug, and is in the hands of our developers. The problem is caused by old versions of Acrobat/Reader on other drives, and the PSI using version info from files in their subdirs instead of the version that belongs to the detected instance. Thank you for reporting it, and sorry for the trouble. In the mean time, using the local rescan should produce accurate results.”
I dont see any old versions of Adobe Reader on other drives, but I did find that under windows.old I had a duplicate program files directory with an old Adobe Reader. I have an ignore rule for the windows.old directory so that shouldn’t be the problem. But at least I know they have acknowledged this behavior as a bug.
Normally when they find a vulnerable file version in some odd place they list that as the vulnerable file. In this case there is nothing wrong with the file they are reporting on.
