Adobe offers workaround for Acrobat-Reader flaw

By SearchSecurity.com Staff 08 Oct 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Adobe Systems Inc. has posted a workaround for a critical zero-day flaw in its widely-used programs for making and reading .pdf documents. Attackers could exploit the flaw to hijack Windows machines.

The flaw affects Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions; and Adobe Acrobat 3D. Millions of people use Adobe Acrobat to create .pdf documents and Adobe Reader to view them. Researcher Petko D. Petkov first disclosed the security hole Sept. 20, writing in the GNUCitizen blog that "the issue is quite critical given the fact that .pdf documents are in the core of today's modern business. This and the fact that it may take a while for Adobe to fix their closed-source product are the reasons why I am not going to publish any POCs (proof-of-concept code).

The flaw specifically threatens those running Windows XP with Internet Explorer 7.

As a workaround, Adobe recommended users disable the "mailto:" option in Acrobat, Acrobat 3D 8 and Adobe Reader by "modifying the application options in the Windows registry. Additionally, these changes can be added to network deployments to Windows systems."

This isn't the first time Adobe users have faced a serious security threat. In January, security experts were rattled by the disclosure of easily-exploitable Adobe Reader flaws that could be used for cross-site scripting attacks and other mayhem.

Tags: Securing Productivity Applications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary