[ISN] PDFs open critical hole in Internet Explorer

From: InfoSec News (alerts@private)
Date: Mon Dec 04 2006 - 01:28:58 PST


http://www.theregister.co.uk/2006/12/01/adobe_vuln/

By Chris Williams
1st December 2006

A critical vulnerability has been identified in Adobe's Acrobat and 
Reader software which affects Internet Explorer users.

As well as causing crashes, the frailty could allow a botnet to take 
control of the whole computer when a PDF is opened within Explorer.

The hole is present in Acrobat Standard and Professional versions 7.0.0 
to 7.0.8, and Adobe Reader 7.0.0 to 7.0.8. Only Microsoft's browser is 
vulnerable.

Adobe's programmers are working on a patch, which should be available on 
its support site soon. In the meantime, deleting AcroPDF.dll from the 
will prevent Explorer from opening PDFs in the browser window.

Adobe's advisory is here [1].

[1] http://www.adobe.com/support/security/advisories/apsa06-02.html


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Mon Dec 04 2006 - 01:32:58 PST