We have received a notice from US-CERT about a security flaw involving Internet Explorer 7 and Adobe Acrobat. The flaw only affects Windows-based machines that have both Internet Explorer 7 and Adobe Acrobat products installed. If you have both of these products installed, your system could be compromised if you open a PDF file that was crafted to exploit this flaw. This flaw has been labelled critical, and we are prioritizing addressing it with our customers.
Who should be concerned?
- Anyone with both Internet Explorer version 7 and Adobe Acrobat installed.
- Anyone using Adobe Acrobat products version 8.1 or earlier in conjunction with Internet Explorer 7.
If I meet the criteria that make me vulnerable, what should I do?
- You should avoid opening PDF files from untrusted sources.
- You should apply an update for your Adobe Acrobat product as soon as possible.
- If you are unable to install an update, you should disable the mailto: URI handler in your Adobe product (see Adobe Security Bulletin APSB07-18 for details on how to do this).
Where can I get more information about this problem?
- Adobe Security Bulletin APSB07-18
- US-CERT Advisory VU#403150
- Microsoft Security Advisory (943521)
- Registry fix to disable mailto: handler (Unsupported!)