Adobe Updates for Microsoft Windows Vulnerability
Systems Affected
Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products:
- Adobe Reader 8.1 and earlier
- Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
- Adobe Reader 7.0.9 and earlier
- Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier
Overview
Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 contain a vulnerability that could allow an attacker to take control of your computer by convincing you to open a malicious PDF document. Public reports indicate that this vulnerability is being actively exploited.
Solution
Apply an update
Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. Please see Adobe Security Bulletin APSB07-18 for details.
Description
Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 installed contain a vulnerability in the way Windows determines the appropriate program to handle data specified in a Uniform Resource Identifier (URI). An attacker can exploit this vulnerability by convincing you to open a specially crafted PDF document. The attacker could gain access your computer, install and run malicious software on your computer, or cause it to crash.
More technical information is available in US-CERT Technical Cyber Security Alert TA07-297A and Vulnerability Note VU#403150.
References
- Adobe Security Bulletin APSB07-18 - <http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
- Microsoft Security Advisory (943521) - <http://www.microsoft.com/technet/security/advisory/943521.mspx>
- US-CERT Vulnerability Note VU#403150 -
<http://www.kb.cert.org/vuls/id/403150> - US-CERT Technical Alert TA07-297B - <http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
.
Revision History
-
October 24, 2007: Initial release
This product is provided subject to this Notification and this Privacy & Use policy.