Adobe Reader Mailto Vulnerability in Wild, Patch Available
SANS has posted an alert noting that a vulnerability in Adobe Acrobat and Reader they reported last month has been seen in the wild. The vulnerability has been confirmed by Adobe and a workaround (from Adobe) is included in the SANS post and listed here too:
From Adobe:
Acrobat:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms
Reader:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms
If tSchemePerms is set as follows:
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:2
To Disable mailto modify tSchemePerms by setting the mailto: value to 3
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2
SANS noted this may not work for older versions using different registry settings.
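As an added example (not from Adobe, SANS, or the original post), the PowerShell below applies the workaround quoted above to both keys, changing only the mailto entry and leaving the rest of tSchemePerms as it was found. It assumes an elevated prompt, and the helper name Set-SchemePerm is made up for this example; keys or values that are absent are reported and skipped, which covers the older-version case SANS mentions.

```powershell
# Added example: set mailto to 3 in tSchemePerms under the two keys quoted above.
# Run from an elevated PowerShell prompt, since the keys are under HKLM.
$keys = @(
    'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms',
    'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms'
)

# Hypothetical helper: rewrite one name:value entry in a '|'-separated list,
# keeping every other entry and the original order.
function Set-SchemePerm {
    param([string]$Perms, [string]$Scheme, [int]$Value)
    $found = $false
    $parts = foreach ($entry in ($Perms -split '\|' | Where-Object { $_ -ne '' })) {
        $name, $old = $entry -split ':', 2
        if ($name -eq $Scheme) { $found = $true; "${name}:$Value" } else { $entry }
    }
    # If the scheme is not listed at all, append it rather than leave it unset.
    if (-not $found) { $parts = @($parts) + "${Scheme}:$Value" }
    return ($parts -join '|')
}

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        Write-Output "key absent, skipped: $key"
        continue
    }
    $current = (Get-ItemProperty -Path $key).tSchemePerms
    if (-not $current) {
        Write-Output "no tSchemePerms value, skipped: $key"
        continue
    }
    $updated = Set-SchemePerm -Perms $current -Scheme 'mailto' -Value 3
    if ($updated -ne $current) {
        Set-ItemProperty -Path $key -Name tSchemePerms -Value $updated
        Write-Output "updated: $key"
        Write-Output "  before: $current"
        Write-Output "  after:  $updated"
    } else {
        Write-Output "already set, unchanged: $key"
    }
}
```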
A software patch is available from Adobe.
Brian Krebs at Security Fix adds:
Incidentally, I long ago removed Adobe from the Windows PCs I use. I simply grew tired of having to update the programs constantly, and of waiting forever for PDF documents to open or close. I've switched over to the free Foxit Reader, which seems to do all the same stuff Adobe Reader did, but is far faster and appears to hog fewer PC resources.



