A critical security vulnerability in an ActiveX control used by Internet Explorer could allow malicious hackers to use Adobe's Reader and Acrobat software to launch PC hijack attacks, according to a warning from Adobe Systems.
The San Jose, Calif., company released an advisory with pre-patch workarounds and warned that multiple unpatched flaws could cause software crashes and "potentially allow an attacker to take control of the affected system."
Affected software includes Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform.
The bugs are only triggered when using Internet Explorer. Users of other browsers are not affected.
Adobe said it is working on a comprehensive patch that will ship "soon" and stressed than an upcoming upgrade to the widely used Adobe Reader program is not vulnerable to this issue.
Temporary workaround:
Adobe suggests that affected users apply the following workaround:
* Browse to :\Program Files\Adobe\Acrobat 7.0\ActiveX. Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
* Select AcroPDF.dll and delete it.
The workaround will prevent PDF documents from opening within an Internet Explorer window. After applying the workaround, clicking on PDF files within Internet Explorer will either open the files in a separate instance of Adobe Reader or prompt the user to download the file, which can then be opened in Adobe Reader.
The company warned that the workaround may disrupt some enterprise workflows and use of PDF forms.
订阅数:364236
http://www.i170.com/Article/50166/trackback
主题:[