Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Adobe Warns Of Critical Acrobat Vulnerabilities

Adobe Systems this week issued an advisory acknowledging that vulnerabilities may exist in Windows versions of Adobe Reader and Acrobat that could crash the applications and enable remote attackers to gain complete control over affected PCs.

The flaws stem from memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll) and affect Adobe Reader, Acrobat Standard and Acrobat Professional versions 7.0.0 through 7.0.8, the San Jose, Calif.-based vendor said in a Tuesday advisory.

The vulnerabilities can only be triggered through Internet Explorer, and Adobe said it's working on an update to Adobe Reader and Acrobat 7.0.8 that will address the vulnerabilities.

Remote attackers could exploit the vulnerabilities by duping users into visiting a rigged Web page using Internet Explorer, according to the French Security Incident Response Team (FrSIRT). Adobe credited FrSIRT with discovering and reporting the flaws.

Adobe recommended that users delete the AcroPDF.dll from the Acrobat Program Files folder, but the company warned that doing so could impact enterprise workflows since it prevents PDF documents from opening in Internet Explorer.

  • 1