PDF problems?

Oct 9, 2007 08:47 GMT  ·  By

I wrote a hot material a couple of weeks ago, about the fact that Petko D. Petkov of GNUcitizen had discovered serious vulnerabilities caused by opening PDF files. Hackers exploiting those could have screwed up (for good) the Windows box. He didn't give us the proof of concept, in fear hackers will use it and the matter remained unpatched. The vulnerability continues to exist even now, but at least there is some good news. Windows Vista with Internet Explorer 7 installed is not affected and a workaround exists for XP. View the material I linked above, if you are not familiar with the flaws in question.

Adobe acknowledges that Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and prior versions as well as Adobe Acrobat 3D are affected. In the advisory, they say that the solution to protect Windows XP with IE 7 is for administrators to disable the "mailto:" option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry. These changes can also be added to network deployments to Windows systems.

Do keep in mind that this involves registry editing, which if not done properly can lead to major damages.

Also, Adobe is going to release an update for their products, to remove this vulnerability, just in case you cannot workaround this by yourself. Furthermore, here's a link to the original security advisory on their site, where you can get the techier details. Also, you can check out what the researcher who discovered the flaw has to say about it, here. My advice is to properly attend to this matter as you could get into serious trouble, should a hacker exploit it! Don't go thinking that it will never happen to you, because you can never know when you could get hit by a hacker!