PDF exploit not yet patched

Linc Owner Detroit Icrontian
edited October 2007 in Science & Tech
Windows users are susceptible to an exploit that can arrive by opening a PDF file or viewing a webpage with a PDF embedded.
<blockquote>In an advisory posted Friday, Adobe admitted that the flaw first disclosed by Petko Petkov, a U.K.-based security researcher, was real. The San Jose-based company also provided a multiple-step work-around in lieu of a permanent fix to its Adobe Acrobat software and its free Adobe Reader application. </blockquote>
Petkov wouldn't publicly release details, but recommends steering clear of public PDFs until it's patched.

Comments

  • GHoosdum Icrontian
    edited October 2007
    Is this an Adobe-specific exploit, or will it exhibit in all PDF readers? I use FoxIt at home.
  • Linc Owner Detroit Icrontian
    edited October 2007
    GHoosdum wrote:
    <blockquote>Is this an Adobe-specific exploit, or will it exhibit in all PDF readers? I use FoxIt at home.</blockquote>
    It isn't clear from the article, but I would assume it's likely FoxIt would have the same vulnerability.

    Should also note this only pertains to XP users with IE7.
  • Zuntar North Carolina Icrontian
    edited October 2007
    Good, I don't use IE7. :p
  • GHoosdum Icrontian
    edited October 2007
    Nor I. Whew.
  • Linc Owner Detroit Icrontian
    edited October 2007
    I don't think it's required that you actually use IE7, only that it is installed. The exploit is with how the protocol for a mailto: link in a PDF is handled (note that you don't have to click it, only open it).
  • GHoosdum Icrontian
    edited October 2007
    The article makes it seem like the burden lies with Adobe to fix this exploit, but it seems to me that logically it would require a patch to IE7 to solve it for all PDF readers, particularly since it doesn't occur when any other browser is installed.
  • Linc Owner Detroit Icrontian
    edited October 2007
    Adobe maintains/owns the PDF technical standard, so I think, logically, the responsibility does lie with them to fix an exploit in it... but I may not fully understand. The article doesn't clear up a lot of things.