Skip to main content
C
Chris Soukup
Participant
November 7, 2024
Question

Acrobat Reader seems to silently download a broken zip file from acroipm2.adobe.com

  • November 7, 2024
  • 2 replies
  • 2002 views

It seems that Acrobat Reader is silently downloding a broken zip file (with a broken .png file inside it) from this URL:

 

http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2001.zip

 

We noticed that in the logs on our firewall because this download has been rated as "malicious" due to the inconsistency of the zip file.

This download attempt has been registered on several machines and all they have in common that relates to Adobe is the Acrobat Reader.

 

Basically we could whitelist this URL on the firewall and avoid the notifications but still it wouldn't fix the zip file which would be still broken and probably not usable. It's also possible to decompress the file but it just reveals a broken .png file inside it.

 

Anybody noticed that, too?
Where should I report such bugs to?

The support chat doesn't really help in this case - they just tried to help with the app installation but this is not an installation issue at all.

 

 

This topic has been closed for replies.

2 replies

S
Adobe Employee
skant@adobe
Adobe Employee
November 12, 2024

Hi, thank you for bringing this to our attention. Rest assured, the file located at "http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2001.zip" is not malicious and is necessary for Adobe Reader to function correctly. We’ll work to address this behavior in future releases.

R
rich_6361
Participant
December 6, 2024

A colleague of mine pointed out that the corruption seems to have been a result of the file going through a LF -> CR/LF replacement process, as if it were a text file being transferred from Unix to Windows. All the '0x0a' bytes (corresponding to ascii Linefeed are preceded by an '0x0d' byte. If you remove all the '0x0d' bytes, the file works. It seems like someone at your end transferred the file as text at some point before it got posted on the web server. PLEASE fix this soon.

nickb89091003
nickb89091003
Participant
November 11, 2024

I am not sure I can offer much help other than I am running into this same issue on our network.  I tried to open a support ticket and they pointed me to the Adobe Community.  I started a chat with someone from the adobe support team from there, but the only direciton they could provide was to block the URL, whitelist the URL, and or recreate and re-deploy the Adobe package.  I shared with them a screenshot of the error, but they kept stating that this was a third party monitoring tool and it was seeint Adobe as a third party app and not able to scan it properly.  

 

Essentially an Adobe Engineer needs to read this and review what the issue may be.  

 

As a side note we ran across the same thing last month around the same time and it went away after 2 days.  We reached out to our Security Vendor and the said that it is an Adobe issue.  

C
Chris SoukupAuthor
Participant
November 11, 2024

From my point of view they need to identify who at Adobe is in charge of the content at URL:
http://acroipm2.adobe.com/assets/Owner/arm/adnme4/2001.zip
And why it is being download by Adobe products.

My fear in the beginning was that someone managed to infiltrate Adobe and get access to their update/information deployment system and eventually tried to deposit some kind of malware hidden as a zip file. However it seems to be simply a broken zip file with a broken png file inside it. Still someone messed up here and I guess I will blacklist this URL fo now.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices