Adobe Confirms Critical Bug Affecting Windows XP - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Adobe Confirms Critical Bug Affecting Windows XP

Adobe issued a workaround for the vulnerability and reported that a fix should be released before the end of the month.

Adobe has confirmed that a critical vulnerability affects users running Microsoft Windows XP and Internet Explorer 7.

The company reported in an online security advisory that the code execution vulnerability affects Adobe Reader V8.1, as well as earlier versions; Adobe Acrobat Standard, Professional, and Elements 8.1, as well as earlier versions, along with Adobe Acrobat 3D. The company has not issued a patch, but laid out a workaround plan in the advisory.

Adobe did report in its online advisory that it is working on an update to V8.1 of Adobe Reader and Acrobat that will patch the problem. The company said it expects to make the update available before the end of the month when it will be published on this site.

Researcher Petko D. Petkov disclosed the vulnerability several weeks ago. The flaw, Petkov explained, could enable a hacker to use malicious PDF files to remotely take control of a machine running Windows XP and IE7.

"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he wrote in his blog, Gnucitizen. "All it takes is to open a PDF document or stumble across a page which embeds one. The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This, and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs [proof-of-concept code]. You have to take my word for it. The POCs will be released when an update is available."

Adobe categorized the bug as a "critical issue" and recommended that users apply the suggested workaround.

The workaround calls for administrators to disable the 'mailto' option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry. The changes also can be added to network deployments to Windows systems.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll