Article

Adobe offers workaround for Acrobat-Reader flaw

SearchSecurity.com Staff

Adobe Systems Inc. has posted a workaround for a critical zero-day flaw in its widely-used programs for making and reading .pdf documents. Attackers could exploit the flaw to hijack Windows machines.

The flaw affects

    Requires Free Membership to View

Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions; and Adobe Acrobat 3D. Millions of people use Adobe Acrobat to create .pdf documents and Adobe Reader to view them. Researcher Petko D. Petkov first disclosed the security hole Sept. 20, writing in the GNUCitizen blog that "the issue is quite critical given the fact that .pdf documents are in the core of today's modern business. This and the fact that it may take a while for Adobe to fix their closed-source product are the reasons why I am not going to publish any POCs (proof-of-concept code).

The flaw specifically threatens those running Windows XP with Internet Explorer 7.

As a workaround, Adobe recommended users disable the "mailto:" option in Acrobat, Acrobat 3D 8 and Adobe Reader by "modifying the application options in the Windows registry. Additionally, these changes can be added to network deployments to Windows systems."

This isn't the first time Adobe users have faced a serious security threat. In January, security experts were rattled by the disclosure of easily-exploitable Adobe Reader flaws that could be used for cross-site scripting attacks and other mayhem.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: