Adobe Confirms Critical Bug Affecting Windows XP - InformationWeek
Software // Enterprise Applications
02:21 PM
Moving UEBA Beyond the Ground Floor
Sep 20, 2017
This webinar will provide the details you need about UEBA so you can make the decisions on how bes ...Read More>>

Adobe Confirms Critical Bug Affecting Windows XP

Adobe issued a workaround for the vulnerability and reported that a fix should be released before the end of the month.

Adobe has confirmed that a critical vulnerability affects users running Microsoft Windows XP and Internet Explorer 7.

The company reported in an online security advisory that the code execution vulnerability affects Adobe Reader V8.1, as well as earlier versions; Adobe Acrobat Standard, Professional, and Elements 8.1, as well as earlier versions, along with Adobe Acrobat 3D. The company has not issued a patch, but laid out a workaround plan in the advisory.

Adobe did report in its online advisory that it is working on an update to V8.1 of Adobe Reader and Acrobat that will patch the problem. The company said it expects to make the update available before the end of the month when it will be published on this site.

Researcher Petko D. Petkov disclosed the vulnerability several weeks ago. The flaw, Petkov explained, could enable a hacker to use malicious PDF files to remotely take control of a machine running Windows XP and IE7.

"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he wrote in his blog, Gnucitizen. "All it takes is to open a PDF document or stumble across a page which embeds one. The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This, and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs [proof-of-concept code]. You have to take my word for it. The POCs will be released when an update is available."

Adobe categorized the bug as a "critical issue" and recommended that users apply the suggested workaround.

The workaround calls for administrators to disable the 'mailto' option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry. The changes also can be added to network deployments to Windows systems.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll