
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (TA07-297B)

Adobe Updates for Microsoft Windows URI Vulnerability

Original release date: October 24, 2007

Systems Affected

Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products:
  • Adobe Reader 8.1 and earlier
  • Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
  • Adobe Reader 7.0.9 and earlier
  • Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier

Overview

Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The updates address a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.

Description

Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. By creating a specially crafted URI in a PDF document, an attacker can execute arbitrary commands on a vulnerable system. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150.

Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.

Impact

By convincing a user to open a specially crafted PDF file, a remote, unauthenticated attacker may be able to execute arbitrary commands.

Solution

Apply an update

Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows.

Disable the mailto: URI in Adobe Reader and Adobe Acrobat

If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details.
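For triage on systems that cannot be updated yet, the following added example (not code from US-CERT or Adobe) inventories the URI action targets in a PDF and picks out those using the mailto: scheme that the workaround disables. The function names and the sample bytes are constructed for illustration; the scan covers only uncompressed objects, so a file with compressed object streams needs to be decompressed first.

```python
import re

# Target of a URI action, written as a literal string /URI (...) or a hex
# string /URI <...>. Unescaped nested parentheses are not handled.
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\()])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f", b"\n": b""}

def unescape(raw: bytes) -> bytes:
    """Undo PDF literal-string backslash escapes (octal and named)."""
    def sub(m):
        tok = m.group(1)
        if tok[:1] in b"01234567":
            return bytes([int(tok, 8) & 0xFF])
        return ESCAPES.get(tok, tok)  # escaped parens and backslash map to themselves
    return re.sub(rb"\\([0-7]{1,3}|.)", sub, raw, flags=re.S)

def unhex(raw: bytes) -> bytes:
    """Decode a PDF hex string; an odd final digit is padded with 0."""
    digits = re.sub(rb"\s", b"", raw).decode("ascii")
    return bytes.fromhex(digits + "0" * (len(digits) % 2))

def uri_actions(pdf: bytes):
    """Return [(scheme, uri)] for each URI action target, in file order."""
    out = []
    for m in URI_RE.finditer(pdf):
        raw = unescape(m.group(1)) if m.group(1) is not None else unhex(m.group(2))
        uri = raw.decode("latin-1").strip()
        scheme = uri.split(":", 1)[0].lower() if ":" in uri else ""
        out.append((scheme, uri))
    return out

def review(pdf: bytes, watch=("mailto",)):
    """Return the URIs whose scheme is on the watch list, for manual review."""
    return [uri for scheme, uri in uri_actions(pdf) if scheme in watch]

# Constructed sample: three link actions, one with a hex-encoded target.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Subtype /Link /A << /S /URI /URI (http://example.com/a\\(1\\)) >> >> endobj\n"
    b"2 0 obj << /Subtype /Link /A << /S /URI /URI (MAILTO:user@example.com) >> >> endobj\n"
    b"3 0 obj << /S /URI /URI <6d61696c746f3a6f7073406578616d706c652e6f7267> >> endobj\n"
)

if __name__ == "__main__":
    for scheme, uri in uri_actions(SAMPLE):
        print(f"{scheme or '(none)':8} {uri}")
    print("review:", review(SAMPLE))
```

A mailto: link in a PDF is common and usually benign; the output is a list of targets to review, not a verdict on the file.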

Appendix A. Vendor Information

Adobe

For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18.




Produced by US-CERT, a government organization.

Revision History

  • October 24, 2007: Initial release
