PDF exploit not yet patched

Comments

1. 
   9 Oct 2007 ~ 9:05am GHoosdum Is this an Adobe-specific exploit, or will it exhibit in all PDF readers? I use FoxIt at home.
2. 
   9 Oct 2007 ~ 9:10am Linc

   GHoosdum wrote:

   Is this an Adobe-specific exploit, or will it exhibit in all PDF readers? I use FoxIt at home.

   It isn't clear from the article, but I would assume it's likely FoxIt would have the same vulnerability.
   
   Should also note this only pertains to XP users with IE7.
3. 
   9 Oct 2007 ~ 9:49am Zuntar Good, I don't use IE7.:p
4. 
   9 Oct 2007 ~ 9:56am GHoosdum Nor I. Whew.
5. 
   9 Oct 2007 ~ 10:06am Linc I don't think it's required that you actually use IE7, only that it is installed. The exploit is with how the protocol for a mailto: link in a PDF is handled (note that you don't have to click it, only open it).
6. 
   10 Oct 2007 ~ 10:44am GHoosdum The article makes it seem like the burden lies with Adobe to fix this exploit, but it seems to me that logically it would require a patch to IE7 to solve it for all PDF readers, particularly since it doesn't occur when any other browser is installed.
7. 
   10 Oct 2007 ~ 10:50am Linc Adobe maintains/owns the PDF technical standard, so I think, logically, the responsibility does lie with them to fix an exploit in it... but I may not fully understand. The article doesn't clear up a lot of things.