Security updates available for Adobe Acrobat and Reader | APSB18-09

caverna · ‎05-15-2018

Hi guys, this is my suggestion to report this vulnerability described at https://helpx.adobe.com/security/products/acrobat/apsb18-09.html


Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  tblAssets.IPAddress,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tblSoftware.Lastchanged
From tblAssets
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On (
    tblSoftwareUni.SoftID = tblSoftware.softID And (
      (tblSoftwareUni.softwareName Like '%Acrobat Reader%' Or tblSoftwareUni.softwareName Like '%Acrobat%') And 
      tblSoftwareUni.softwareName Not Like '%Extended Asian%' And 
      tblSoftwareUni.softwareName Not Like '%Acrobat.com%' And 
      tblSoftwareUni.softwareName Not Like '%MUI%'
    )
  )
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Where
  tblAssetCustom.State = 1 And
  Convert(Int,replace (tblSoftware.softwareVersion,'.','')) <= 1801120038
Order By
  tblAssets.Domain,
  tblAssets.AssetName,
  Software

based on: https://www.lansweeper.com/forum/yaf_postst16153_7-Zip-Arbitrary-Code-Execution-Vulnerability-Check.aspx
updated according to Sylvie suggestion!

caverna · ‎06-04-2018

Sylvie wrote:
Hi,

Here is my report for this vulnerabilty:
avoid using substring and use replace instead --> legacy Adobe products taken into account
filter the softwarename directly within the Inner Join --> faster and avoid "Convert(Int,..." to be analysed first
add some exceptions to the filter : acrobat.com and %MUI% products

f*cking awsome!!!

View solution in original post

Sylvie · ‎06-04-2018

Hi,

Here is my report for this vulnerabilty:

avoid using substring and use replace instead --> legacy Adobe products taken into account
filter the softwarename directly within the Inner Join --> faster and avoid "Convert(Int,..." to be analysed first
add some exceptions to the filter : acrobat.com and %MUI% products

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  tblAssets.IPAddress,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  Convert(Int,replace (tblSoftware.softwareVersion,'.','')) as intVersion,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tblSoftware.Lastchanged
From tblAssets
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On (tblSoftwareUni.SoftID = tblSoftware.softID And ((tblSoftwareUni.softwareName Like '%Acrobat Reader%' Or tblSoftwareUni.softwareName Like '%Acrobat%') And
    tblSoftwareUni.softwareName Not Like '%Extended Asian%' And
    tblSoftwareUni.softwareName Not Like '%Acrobat.com%' And
    tblSoftwareUni.softwareName Not Like '%MUI%'))
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Where
        tblAssetCustom.State = 1 And
        Convert(Int,replace (tblSoftware.softwareVersion,'.','')) <= 1801120038
Order By tblAssets.Domain,
  tblAssets.AssetName,
  Software

Sylvie

caverna · ‎06-04-2018

Sylvie wrote:
Hi,

Here is my report for this vulnerabilty:
avoid using substring and use replace instead --> legacy Adobe products taken into account
filter the softwarename directly within the Inner Join --> faster and avoid "Convert(Int,..." to be analysed first
add some exceptions to the filter : acrobat.com and %MUI% products

f*cking awsome!!!

MatijaS · ‎05-30-2018

This happens when executing the report. Yes we are using the latest version of Lansweeper.

caverna · ‎05-30-2018

MatijaS wrote:
This happens when executing the report. Yes we are using the latest version of Lansweeper.

Please look at lines 24, 25 and 26.
This is a dirt trick (borrowed from 7-zip report) to check version number.
I'm pretty that if you remove the lines from 19 to 27, you will be able to see which version number is causing problem.

MatijaS · ‎06-01-2018

caverna wrote:
MatijaS wrote:
This happens when executing the report. Yes we are using the latest version of Lansweeper.

Please look at lines 24, 25 and 26.
This is a dirt trick (borrowed from 7-zip report) to check version number.
I'm pretty that if you remove the lines from 19 to 27, you will be able to see which version number is causing problem.

Thanks it works.

MatijaS · ‎05-21-2018

Hi,

I`m getting this error "Error: Conversion failed when converting the nvarchar value '7.0.667' to data type int."

caverna · ‎05-21-2018

MatijaS wrote:
Hi,

I`m getting this error "Error: Conversion failed when converting the nvarchar value '7.0.667' to data type int."

Please provide a little more information...
When this occurs? Importing the report or executing?
Are you using the last Lansweeper version?

Esben_D · ‎05-17-2018

I'd recommend creating a separate topic for the deployment package in Lansweeper questions. That way this topic can focus on the report.

I did find these other topics which have examples of Adobe reader deployments, they might help:
https://www.lansweeper.com/forum/yaf_postst12976findunread_Install-Adobe-Acrobat-Reader-DC--SD--newest-Update.aspx#post49898
https://m.lansweeper.com/forum/yaf_postst9850_Silently-install-Adobe-Reader--11-0-9.aspx#post38276

caverna · ‎05-17-2018

My problem now is to create a reliable deploy package to Adobe reader...
Following the examples and googling, I was able to create a "prototype", but it fails many time...

Security updates available for Adobe Acrobat and Reader | APSB18-09

Reports & Analytics

New to Lansweeper?

Try Lansweeper For Free