Adobe offers workaround for Acrobat-Reader flaw

By SearchSecurity.com Staff 08 Oct 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Adobe Systems Inc. has posted a workaround for a critical zero-day flaw in its widely-used programs for making and reading .pdf documents. Attackers could exploit the flaw to hijack Windows machines.

The flaw affects Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions; and Adobe Acrobat 3D. Millions of people use Adobe Acrobat to create .pdf documents and Adobe Reader to view them. Researcher Petko D. Petkov first disclosed the security hole Sept. 20, writing in the GNUCitizen blog that "the issue is quite critical given the fact that .pdf documents are in the core of today's modern business. This and the fact that it may take a while for Adobe to fix their closed-source product are the reasons why I am not going to publish any POCs (proof-of-concept code).

The flaw specifically threatens those running Windows XP with Internet Explorer 7.

As a workaround, Adobe recommended users disable the "mailto:" option in Acrobat, Acrobat 3D 8 and Adobe Reader by "modifying the application options in the Windows registry. Additionally, these changes can be added to network deployments to Windows systems."

This isn't the first time Adobe users have faced a serious security threat. In January, security experts were rattled by the disclosure of easily-exploitable Adobe Reader flaws that could be used for cross-site scripting attacks and other mayhem.

Tags: Securing Productivity Applications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Adobe fixes critical Shockwave Flash Player flaw Adobe issues first quarterly patch release fixing 13 flaws Adobe shifts to Microsoft patching process, incident response plan Balancing security and performance: Protecting layer 7 on the network Software Piracy pandemic needs government role, better vendor antipiracy plans McAfee to acquire Solidcore Systems for whitelisting Adobe issues Reader update fixing zero-day flaw Microsoft to patch critical PowerPoint zero-day flaw PCI DSS: Best practices for compliance Adobe working on patch to correct new zero-day flaw

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary