AOH :: ISNQ3278.HTM

PDFs open critical hole in Internet Explorer




PDFs open critical hole in Internet Explorer
PDFs open critical hole in Internet Explorer



http://www.theregister.co.uk/2006/12/01/adobe_vuln/ 

By Chris Williams
1st December 2006

A critical vulnerability has been identified in Adobe's Acrobat and 
Reader software which affects Internet Explorer users.

As well as causing crashes, the frailty could allow a botnet to take 
control of the whole computer when a PDF is opened within Explorer.

The hole is present in Acrobat Standard and Professional versions 7.0.0 
to 7.0.8, and Adobe Reader 7.0.0 to 7.0.8. Only Microsoft's browser is 
vulnerable.

Adobe's programmers are working on a patch, which should be available on 
its support site soon. In the meantime, deleting AcroPDF.dll from the 
will prevent Explorer from opening PDFs in the browser window.

Adobe's advisory is here [1].

[1] http://www.adobe.com/support/security/advisories/apsa06-02.html 


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 
 

Site design & layout copyright © 1986-2014 CodeGods