PDF Flaw In Internet Explorer

C

chergh - 2008

Adobe said:
A critical vulnerability has been identified in Adobe's Acrobat and Reader software which affects Internet Explorer users.

As well as causing crashes, the frailty could allow a botnet to take control of the whole computer when a PDF is opened within Explorer.

The hole is present in Acrobat Standard and Professional versions 7.0.0 to 7.0.8, and Adobe Reader 7.0.0 to 7.0.8. Only Microsoft's browser is vulnerable.

Adobe's programmers are working on a patch, which should be available on its support site soon. In the meantime, deleting AcroPDF.dll from the will prevent Explorer from opening PDFs in the browser window.
Added in edit:
Adobe's advice
  1. Solution

    The Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to Adobe Reader and Acrobat 7.0.8 that will resolve these issues, which is expected to be available in the near future. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available.
    The upcoming version of Adobe Reader, which will not be vulnerable to this issue, is also expected to be available in the near future. Acrobat 8 is not affected by this issue. The vulnerability is in an ActiveX control used by Internet Explorer; users of other browsers are not affected. The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:
    1. Exit Internet Explorer and Adobe Reader.
    2. Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX.
      Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
    3. Select AcroPDF.dll and delete it.
NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open in a separate instance of Adobe Reader or the user will be prompted to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms.

Adobe advisory is here

Original article that I quoted from is here
 
Last edited by a moderator:
C

chergh - 2008

In addition don't delete the file mentioned in the article on your work computer until you have spoke to your IT department first. On your home computer I would advise using Firefox or Opera instead of IE explorer.
 

Jim Wynne

Leader
Admin
In addition don't delete the file mentioned in the article on your work computer until you have spoke to your IT department first. On your home computer I would advise using Firefox or Opera instead of IE explorer.

Thanks for the heads-up. One more bit of related advice. You might want to try the free Foxit Reader as a replacement for the clunky Adobe PDF reader. It loads faster and does everything the Adobe reader does, and more.
 
Top Bottom