Adobe PDF MailTo Vulnerability Fix Tool

Hi,

There is a critical security vulnerability that affects Adobe Acrobat and Adobe Reader, versions 8.1 and below. It can potentially allow remote attackers to execute arbitrary code via a crafted PDF file.

If you have Adobe Acrobat or Adobe Reader installed, and are running Windows XP (with IE 7), you are vulnerable. (More details are available in the Adobe Security Advisory (APSA07-04).)

Luckily, there's a workaround available that should help secure your system for now. And I've packaged that workaround into an easy-to-use tool:

PDF MailTo Vulnerability Fix Tool
http://www.javacoolsoftware.com/pdffix.html

The workaround simply disables the vulnerable function of the Adobe software - as is, in fact, suggested in the Adobe Security Advisory. This tool simply automates the workaround, so you won't have to worry about breaking anything with manual registry edits.

Enjoy!

Best regards,

-Javacool

 

Re: PDF MailTo Vulnerability Fix Tool

NOTES (although the tool will tell you this, if applicable, when it runs):

The workaround is only available for Adobe Acrobat and Adobe Reader versions 8.0 and up. Older versions of Adobe Acrobat and Reader may still be vulnerable, but there is currently no known way of securing them.

It is therefore strongly recommended that you upgrade to the latest versions of Adobe Acrobat and/or Adobe Reader if you have a pre-8.0 version installed. (Then download and apply the fix tool, linked in the post above.)

You can get the current version of Adobe Reader here: Adobe Reader Download

Best regards,

-Javacool

 

Thanks a lot javacool !
BTW, are Foxit Reader users also at risk ?

 

Hi,

You're quite welcome!

A contributing factor to this problem (and many similar problems with other programs recently) is a change to Internet Explorer's handling of URI's (which affects XP and 2003 with IE7 installed - Vista is apparently unaffected).

Microsoft has announced an initial advisory that provides some details about the issue here: http://www.microsoft.com/technet/security/advisory/943521.mspx (The advisory also confirms that they are actively investigating the issue.)

I haven't had a chance to test Foxit Reader (or any other non-Adobe PDF readers), but there is some discussion about it in the following thread at DSLReports: http://www.dslreports.com/forum/r19215800-PDF-Vulnerability

Best regards,

-Javacool

 

Hi,

Adobe has since resolved this vulnerability in a new release of Adobe Acrobat and Adobe Reader, and has fixed additional vulnerabilities.

It is very important that you ensure you have the latest version of Adobe Acrobat / Adobe Reader installed.

While this tool will remain available for the time being, we highly recommend that you instead install the latest version of Adobe Acrobat / Adobe Reader on your system.

Best regards,

-Javacool