Adobe has confirmed the existence of a critical bug in its Reader and Acrobat products and admits it doesn’t yet have a patch to protect Windows XP users. It has however offered a work-around in lieu of a permanent fix.

The vulnerability exists in Adobe Reader 8.1 (and earlier versions), Acrobat Standard, Professional and Elements 8.1 (and earlier versions_ and Acrobat 3D on PCs running Windows XP with IE 7 installed. Windows Vista system, which sports its own version of IE 7, is not vulnerable.

The vulnerability was reported last month by security researcher Petko Petkov of GNUCITIZEN.

“Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!!,” Petkov wrote in a blog posting. “All it takes is to open a PDF document or stumble across a page which embeds one.”

The work-around offered by Adobe involves editing the Windows registry.

Adobe said “To protect Windows XP systems with Internet Explorer 7 installed from this vulnerability, administrators can disable the mailto: option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry.”

Detailed instructions on how to implement this work-around were also posted on Adobe’s Web site.

However, if users cannot or will not use the work-around, the company recommends to Windows XP users to take cautionary measures when receiving unsolicited emails containing suspicious links or attachments.

The company expects to release a permanent solution before the end of October.

Related:

Entry was posted on Tuesday, October 9th, 2007 at 5:57 pm under Technology.

Read more entries by Ruben Francia.
Stumble It!