Multiple flaws in Adobe Reader, Acrobat

Updated: Multiple flaws in Adobe Reader and Acrobat could allow attackers to execute malicious commands on victims' computers. A fix is now available.

Adobe Reader and Acrobat contain multiple security flaws attackers could exploit to execute malicious commands on victims' computers, the French Security Incident Response Team (FrSIRT) warned in an advisory.

Adobe recommends users of Adobe Reader 7.0 through 7.0.8 upgrade to Reader 8 to fix the problems. It also released a workaround.

FrSIRT said memory corruption errors exist in the AcroPDF ActiveX control, also known as AcroPDF.dll. Because of this, the application mishandles malformed arguments passed to the "setPageMode()", "setLayoutMode()", "setNamedDest()", and "LoadFile()" methods. Attackers could exploit this to execute arbitrary commands by tricking the user into visiting a specially crafted Web page with Internet Explorer.

Adobe acknowledged the existence of the flaws in an advisory, saying, "These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system."

The problems affect Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected, Adobe said.

Adobe also said the following workaround will prevent exploits from occurring:

  • Exit Internet Explorer and Adobe Reader.
  • Browse to :\Program Files\Adobe\Acrobat 7.0\ActiveX. [If Acrobat is not installed to the default location, browse to the location of the Acrobat 7.0 folder.]
  • Select AcroPDF.dll and delete it.
