
Adobe offers workaround for Acrobat-Reader flaw

By SearchSecurity.com Staff
08 Oct 2007 | SearchSecurity.com


Adobe Systems Inc. has posted a workaround for a critical zero-day flaw in its widely used programs for making and reading .pdf documents. Attackers could exploit the flaw to hijack Windows machines.

The flaw affects Adobe Reader 8.1 and earlier versions; Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions; and Adobe Acrobat 3D. Millions of people use Adobe Acrobat to create .pdf documents and Adobe Reader to view them. Researcher Petko D. Petkov first disclosed the security hole Sept. 20, writing in the GNUCitizen blog that "the issue is quite critical given the fact that .pdf documents are in the core of today's modern business. This and the fact that it may take a while for Adobe to fix their closed-source product are the reasons why I am not going to publish any POCs (proof-of-concept code)."

The flaw specifically threatens those running Windows XP with Internet Explorer 7.

As a workaround, Adobe recommended users disable the "mailto:" option in Acrobat, Acrobat 3D 8 and Adobe Reader by "modifying the application options in the Windows registry. Additionally, these changes can be added to network deployments to Windows systems."

This isn't the first time Adobe users have faced a serious security threat. In January, security experts were rattled by the disclosure of easily exploitable Adobe Reader flaws that could be used for cross-site scripting attacks and other mayhem.


