Adobe Confirms Critical Bug Affecting Windows XP - InformationWeek
Software // Enterprise Applications
02:21 PM

Adobe Confirms Critical Bug Affecting Windows XP

Adobe issued a workaround for the vulnerability and reported that a fix should be released before the end of the month.

Adobe has confirmed that a critical vulnerability affects users running Microsoft Windows XP and Internet Explorer 7.

The company reported in an online security advisory that the code execution vulnerability affects Adobe Reader V8.1, as well as earlier versions; Adobe Acrobat Standard, Professional, and Elements 8.1, as well as earlier versions, along with Adobe Acrobat 3D. The company has not issued a patch, but laid out a workaround plan in the advisory.

Adobe did report in its online advisory that it is working on an update to V8.1 of Adobe Reader and Acrobat that will patch the problem. The company said it expects to make the update available before the end of the month when it will be published on this site.

Researcher Petko D. Petkov disclosed the vulnerability several weeks ago. The flaw, Petkov explained, could enable a hacker to use malicious PDF files to remotely take control of a machine running Windows XP and IE7.

"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he wrote in his blog, Gnucitizen. "All it takes is to open a PDF document or stumble across a page which embeds one. The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This, and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs [proof-of-concept code]. You have to take my word for it. The POCs will be released when an update is available."

Adobe categorized the bug as a "critical issue" and recommended that users apply the suggested workaround.

The workaround calls for administrators to disable the 'mailto' option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry. The changes also can be added to network deployments to Windows systems.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll