Adobe Confirms Critical Bug Affecting Windows XP - InformationWeek
Software // Enterprise Applications
02:21 PM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Adobe Confirms Critical Bug Affecting Windows XP

Adobe issued a workaround for the vulnerability and reported that a fix should be released before the end of the month.

Adobe has confirmed that a critical vulnerability affects users running Microsoft Windows XP and Internet Explorer 7.

The company reported in an online security advisory that the code execution vulnerability affects Adobe Reader V8.1, as well as earlier versions; Adobe Acrobat Standard, Professional, and Elements 8.1, as well as earlier versions, along with Adobe Acrobat 3D. The company has not issued a patch, but laid out a workaround plan in the advisory.

Adobe did report in its online advisory that it is working on an update to V8.1 of Adobe Reader and Acrobat that will patch the problem. The company said it expects to make the update available before the end of the month when it will be published on this site.

Researcher Petko D. Petkov disclosed the vulnerability several weeks ago. The flaw, Petkov explained, could enable a hacker to use malicious PDF files to remotely take control of a machine running Windows XP and IE7.

"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he wrote in his blog, Gnucitizen. "All it takes is to open a PDF document or stumble across a page which embeds one. The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This, and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs [proof-of-concept code]. You have to take my word for it. The POCs will be released when an update is available."

Adobe categorized the bug as a "critical issue" and recommended that users apply the suggested workaround.

The workaround calls for administrators to disable the 'mailto' option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry. The changes also can be added to network deployments to Windows systems.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll