Adobe confirms PDF backdoor, offers workaround for Acrobat attack
Adobe has confirmed the existence of a critical bug in its Reader and Acrobat products and admits it doesn’t yet have a patch to protect Windows XP users. It has however offered a work-around in lieu of a permanent fix.
The vulnerability exists in Adobe Reader 8.1 (and earlier versions), Acrobat Standard, Professional and Elements 8.1 (and earlier versions_ and Acrobat 3D on PCs running Windows XP with IE 7 installed. Windows Vista system, which sports its own version of IE 7, is not vulnerable.
The vulnerability was reported last month by security researcher Petko Petkov of GNUCITIZEN.
“Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!!,” Petkov wrote in a blog posting. “All it takes is to open a PDF document or stumble across a page which embeds one.”
The work-around offered by Adobe involves editing the Windows registry.
Adobe said “To protect Windows XP systems with Internet Explorer 7 installed from this vulnerability, administrators can disable the mailto: option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry.”
Detailed instructions on how to implement this work-around were also posted on Adobe’s Web site.
However, if users cannot or will not use the work-around, the company recommends to Windows XP users to take cautionary measures when receiving unsolicited emails containing suspicious links or attachments.
The company expects to release a permanent solution before the end of October.
Related Posts:
