October 22nd, 2007

Adobe shuts backdoor in PDF Reader, some old versions still vulnerable

Posted by Ryan Naraine @ 12:33 pm

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Adobe Acrobat Reader, Microsoft Corp., Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine

As promised earlier this month, Adobe has shipped a fix for the URI protocol handling vulnerability that left a backdoor open on Windows XP machines with Internet Explorer 7 installed.

The patch, rated “critical,” addresses multiple flaws in Adobe Reader and Acrobat that could allow an attacker to take complete control of a vulnerable system.

From Adobe’s advisory:

This issue only affects customers on Windows XP with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities.

[ SEE: Adobe confirms PDF backdoor, offers unsupported workaround ]

Adobe is strongly recommending that Windows users upgrade to Adobe Reader 8.1.1 or Acrobat 8.1.1 immediately.

It’s important to note that this patch only applies to some versions of the software. For instance, there are no patches yet for Adobe Reader 7.0.9 and Acrobat 7.0.9. Adobe says those fixes will come “at a later date.”

[ SEE: MS Outlook flaw adds new twist to URI handling saga ]

In the meantime, the temporary workaround is to disable the “mailto:” option in Acrobat, Acrobat 3D and Adobe Reader by modifying the application options in the Windows registry (see instructions here).

Microsoft is also planning to ship an update to address this issue.