chergh - 2008
Adobe said: A critical vulnerability has been identified in Adobe's Acrobat and Reader software which affects Internet Explorer users.
As well as causing crashes, the frailty could allow a botnet to take control of the whole computer when a PDF is opened within Explorer.
The hole is present in Acrobat Standard and Professional versions 7.0.0 to 7.0.8, and Adobe Reader 7.0.0 to 7.0.8. Only Microsoft's browser is vulnerable.
Adobe's programmers are working on a patch, which should be available on its support site soon. In the meantime, deleting AcroPDF.dll from the will prevent Explorer from opening PDFs in the browser window.
Added in edit:
Adobe's advice
NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open in a separate instance of Adobe Reader or the user will be prompted to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms.
- Solution
The Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to Adobe Reader and Acrobat 7.0.8 that will resolve these issues, which is expected to be available in the near future. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available.
The upcoming version of Adobe Reader, which will not be vulnerable to this issue, is also expected to be available in the near future. Acrobat 8 is not affected by this issue. The vulnerability is in an ActiveX control used by Internet Explorer; users of other browsers are not affected. The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:
- Exit Internet Explorer and Adobe Reader.
- Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX.
Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
- Select AcroPDF.dll and delete it.
Adobe advisory is here
Original article that I quoted from is here