Software // Enterprise Applications
News
10/8/2007
02:21 PM
Connect Directly
RSS
E-Mail
50%
50%

Adobe Confirms Critical Bug Affecting Windows XP

Adobe issued a workaround for the vulnerability and reported that a fix should be released before the end of the month.

Adobe has confirmed that a critical vulnerability affects users running Microsoft Windows XP and Internet Explorer 7.

The company reported in an online security advisory that the code execution vulnerability affects Adobe Reader V8.1, as well as earlier versions; Adobe Acrobat Standard, Professional, and Elements 8.1, as well as earlier versions, along with Adobe Acrobat 3D. The company has not issued a patch, but laid out a workaround plan in the advisory.

Adobe did report in its online advisory that it is working on an update to V8.1 of Adobe Reader and Acrobat that will patch the problem. The company said it expects to make the update available before the end of the month when it will be published on this site.

Researcher Petko D. Petkov disclosed the vulnerability several weeks ago. The flaw, Petkov explained, could enable a hacker to use malicious PDF files to remotely take control of a machine running Windows XP and IE7.

"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he wrote in his blog, Gnucitizen. "All it takes is to open a PDF document or stumble across a page which embeds one. The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This, and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs [proof-of-concept code]. You have to take my word for it. The POCs will be released when an update is available."

Adobe categorized the bug as a "critical issue" and recommended that users apply the suggested workaround.

The workaround calls for administrators to disable the 'mailto' option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry. The changes also can be added to network deployments to Windows systems.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.