No Fix to Defend Users against PDF Exploit, Admits Adobe
Recently, Adobe Systems Inc. has acknowledged the presence of a serious fault in its most favorite software, but so far, it doesn't have a fix that defends Windows XP customers against strikes coming as PDF files.
Through a warning posted on October 5, 2007, Adobe conceded that the fault initially revealed by the British security investigator Petko Petkov was factual. The San Jose-located firm also offered a multi-move workaround instead of a lasting remedy to its Adobe Acrobat programs and its complimentary Adobe Reader program.
The fault, admitted by Adobe on October 5, 2007, survives in the recent and former variants of Adobe Reader edition 8.1, Acrobat Standard, Elements 8.1, and Professional and other older versions like Acrobat 3D on Windows XP computers with Internet Explorer 7 loaded, as indicated by an advisory from the firm in San Jose.
The flaw is attributable to an input validation error while processing a specifically created email link, as per FrSIRT.
In the preceding month (September 2007), Petkov declared in a blog site that he had detected a dangerous flaw that could be exploited via PDF files, Adobe's favored document layout. Adobe Acrobat/Reader PDF files can be exploited to infect your Windows platform, stated Petkov on September 21. Somebody just has is to open a PDF file or chance upon a page [that] introduces one, informs the October 8, 2007 issue of COMPUTERWORLD.
Just then, Petkov refused to give proof-of-concept program, asking clients to believe in him. He advised to stay away from all PDFs till a patch is launched.
On October 5, 2007, Adobe affirmed that the firm's investigators were developing updated variants of the infected products to solve the problem.
Adobe and FrSIRT urged consumers to disenable the mailto alternative in the Windows registry.
In the meantime, investigators have notified that following a preliminary hike, hackers are shunning PDF emails.
On October 8, 2007, Secunia, a flaw-monitoring company, modified an advisory posted in July on a vulnerability in the method in which Windows operates URI instructions, with Adobe Reader and Acrobat as potential hack carrier. Secunia urged clients to evade dubious sites, links or PDF documents.
Microsoft's representative on October 8, 2007 stated that the firm is conscious of vulnerability stories and is probing the matter.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 22-10-2007