Article

Multiple flaws in Adobe Reader, Acrobat

Bill Brenner

Adobe Reader and Acrobat contain multiple security flaws attackers could exploit to execute malicious commands on victims' computers, the French Security Incident Response Team (FrSIRT) warned in an advisory.

Adobe recommends users

Requires Free Membership to View

of Adobe Reader 7.0 through 7.0.8 upgrade to Reader 8 to fix the problems. It also released a workaround.

FrSIRT said memory corruption errors exist in the AcroPDF ActiveX control, also known as AcroPDF.dll. Because of this, the application mishandles malformed arguments passed to the "setPageMode()", "setLayoutMode()", "setNamedDest()", and "LoadFile()" methods. Attackers could exploit this to execute arbitrary commands by tricking the user into visiting a specially crafted Web page with Internet Explorer.

Adobe security:
Trojan poses as Adobe software update

Security School: Antivirus directions and futures

Tip: Ajax security: How to prevent exploits in five steps

Adobe acknowledged the existence of the flaws in an advisory, saying, "These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system."

The problems affect Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected, Adobe said.

Adobe also said the following workaround will prevent exploits from occurring:

  • Exit Internet Explorer and Adobe Reader.
  • Browse to :Program FilesAdobeAcrobat 7.0ActiveX. [If Acrobat is not installed to the default location, browse to the location of the Acrobat 7.0 folder.]
  • Select AcroPDF.dll and delete it.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: