Critical Security Issue with Adobe Reader/Professional



I can't say it surprises me....

I received an email at work today asking for IT people to make a change to the registry concerning Adobe as there was no patch available.

I'll provide links for you guys to work it out, but here's the synopsis:

You must have Windows XP2

You must have IE7

Issue affects the latest to previous versions of Adobe Reader or Acrobat Professional (8.1 - earlier).

Here's the scenario:

You open up a .pdf document in your email or website link and without warning, arbitrary code is executed on your computer. This is generally pretty serious due to the widespread availability and acceptance of .pdf files.

A patch from Adobe is expected at the end of the month.

So the moral of the story for most of you, be very careful what .pdf files you open. However, if you're feeling brave, there is a simple registry fix to get around the flaw and obtain peace of mind.

http://www.adobe.com/support/security/advisories/apsa07-04.html

You can copy and paste this link to the website that discovered the flaw for more info.

http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

And this is a short video detailing someone clicking on a .pdf document and having the notepad and calculator execute (notice that there is no command line prompt or Windows Security Warning). It's pretty safe to say that you can script something a little more malicious than the calculator and notepad executing.

 


 

Because I care,

Ashton

 


Re: Critical Security Issue with Adobe Reader/Professional
I guess that doesn't affect Macs? I guess Macs are still secure... for the most part... for now.
-------------------------


"Thanks for the mac badge, Hubby!" 

Re: Critical Security Issue with Adobe Reader/Professional

Now, it rears its ugly head.

http://www.theregister.co.uk/2007/10/24/pdf_exploit_in_the_wild/

Link also contains the critical patch for Adobe if you haven't changed your registry. I really recommend that you patch.

I do not feel obliged to believe that same God who endowed us with sense, reason, and intellect had intended for us to forgo their use. -Galileo Galilei

Re: Critical Security Issue with Adobe Reader/Professional

It's a little hard to locate.

Reader for Windows.

http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=3806&fileID=3534 

Acrobat for Windows.

http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=3796&fileID=3537 

I do not feel obliged to believe that same God who endowed us with sense, reason, and intellect had intended for us to forgo their use. -Galileo Galilei

Re: Critical Security Issue with Adobe Reader/Professional

Thank you Ashton!!
I have to use my Adobe daily to get my husband's work stuff; it comes to me in an email as an attachment. This was a good heads up.