A new zero-day vulnerability places Adobe Acrobat and Reader users at risk of arbitrary code execution when opening a hostile PDF document. This vulnerability affects systems running Microsoft® Windows® XP, Microsoft Internet Explorer® 7, and one or more of the following Adobe products:
- Adobe® Reader® 8.1 and earlier versions
- Adobe® Acrobat® Standard, Professional and Elements 8.1 and earlier versions
- Adobe® Acrobat® 3D
Microsoft® Windows Vista® users are not affected.
Adobe expects to produce a patch before the end of October 2007. Meanwhile, users should be able to work around the issue by disabling mailto links in affected Adobe products through editing the Windows registry. Detailed instructions are available in Adobe’s security advisory APSA07-04.
Post a Comment