Adobe Updates for Microsoft Windows Vulnerability

Systems Affected

• Adobe Reader 8.1 and earlier
• Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
• Adobe Reader 7.0.9 and earlier
• Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier

Overview

Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 contain a vulnerability that could allow an attacker to take control of your computer by convincing you to open a malicious PDF document. Public reports indicate that this vulnerability is being actively exploited.

Solution

Apply an update

Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. Please see Adobe Security Bulletin APSB07-18 for details.

Description

Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 installed contain a vulnerability in the way Windows determines the appropriate program to handle data specified in a Uniform Resource Identifier (URI). An attacker can exploit this vulnerability by convincing you to open a specially crafted PDF document. The attacker could gain access your computer, install and run malicious software on your computer, or cause it to crash.

More technical information is available in US-CERT Technical Cyber Security Alert TA07-297A and Vulnerability Note VU#403150.

References

• Adobe Security Bulletin APSB07-18 - <http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
• Microsoft Security Advisory (943521) - <http://www.microsoft.com/technet/security/advisory/943521.mspx>
• US-CERT Vulnerability Note VU#403150 - <http://www.kb.cert.org/vuls/id/403150>
• US-CERT Technical Alert TA07-297B - <http://www.us-cert.gov/cas/techalerts/TA07-297B.html>

Feedback can be directed to US-CERT.

Produced 2007 by US-CERT, a government organization. Terms of use

Revision History

October 24, 2007: Initial release