U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA07-297B)

Adobe Updates for Microsoft Windows Vulnerability

Original release date: October 24, 2007

Systems Affected

Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products:
  • Adobe Reader 8.1 and earlier
  • Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
  • Adobe Reader 7.0.9 and earlier
  • Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier

Overview

Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 contain a vulnerability that could allow an attacker to take control of your computer by convincing you to open a malicious PDF document. Public reports indicate that this vulnerability is being actively exploited.


Solution

Apply an update

Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. Please see Adobe Security Bulletin APSB07-18 for details.

Description

Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 installed contain a vulnerability in the way Windows determines the appropriate program to handle data specified in a Uniform Resource Identifier (URI). An attacker can exploit this vulnerability by convincing you to open a specially crafted PDF document. The attacker could gain access your computer, install and run malicious software on your computer, or cause it to crash.

More technical information is available in US-CERT Technical Cyber Security Alert TA07-297A and Vulnerability Note VU#403150.


References


.

Revision History

  • October 24, 2007: Initial release

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top