Adobe issued a security advisory on Friday pertaining to a code execution vulnerability affecting PDF files. This comes almost three weeks after a public disclosure, which I discussed here.
This security flaw is particularly dangerous as potentially millions of Windows users could be affected. Users running Windows XP computers with Internet Explorer 7 installed are at risk from rigged PDF files if they use the following Adobe products:
- Adobe Reader 8.1 and earlier
- Adobe Acrobat Standard, Professional, Elements 8.1 and earlier
- Adobe Acrobat 3D
It's worth noting that the recommended pre-patch workaround is unsupported and involves the manual editing of the registry.
To protect Windows XP systems with Internet Explorer 7 installed from this vulnerability, administrators can disable the mailto: option in Acrobat, Acrobat 3D 8, and Adobe Reader by modifying the application options in the Windows registry. Additionally, these changes can be added to network deployments to Windows systems.
Security folks and system administrators might want to check out the official security advisory as soon as possible.