PDF flaw gets fixed with Adobe patch
Adobe Systems Inc. has released patches for its Acrobat Reader programs on October 22, 2007 to mend vulnerability affecting users of Windows XP that would expose the systems to exploits creeping in via malware-laden PDF files.
The patches come with updates to Acrobat, the full-featured application of Adobe Reader, the utility that renders free PDF. Both the updates have been named Version 8.1.1
In a warning via a bulletin that provided the details of the availability of the patches, Adobe said that critical vulnerabilities were found in Adobe Reader, which with successful exploitation could enable an attacker to gain full control of the vulnerable system. PCWorld published this in news on October 22, 2007.
The flaw affects Adobe Acrobat Professional, Standard 8.1 and 3D and earlier versions namely Adobe Acrobat professionals, 3D, Standard, and Elements 7.0.9 and its earlier version(s). It similarly affects Adobe Reader 8.1 and its earlier versions namely Adobe Reader 7.0.9 and others.
Only those who use Windows XP and have Internet Explorer 7 running on their systems are vulnerable to such attacks, Adobe added. The fixes took beyond two weeks to come after Adobe admitted that there was an exploit and put up on the Internet that users needed to modify the Windows registry.
The discoverer of the PDF flaw Petko Petkov said the flaw could let a hacker gain remote control of a system having Windows XP and IE7 by using malware-laden PDF files. He wrote in his blog that PDF documents on Adobe Reader/Acrobat could be utilized to hack Windows machines.
According to Petkov, the exploit works by simply opening a PDF-styled document or coming across a Web page with an embedded PDF document. Since modern businesses substantially rely on PDF documents, the issue becomes critical, he added.
Adobe has fixed other bugs too for Windows system in 2007. One flaw that appeared in January arose from the 'Open Parameters' feature of Adobe Reader that allow developers move over parameters on opening a PDF document.
Related article: PDF Spam Returns with Greater Power
» SPAMfighter News - 13-11-2007