United States


Adobe PDF vulnerability - 1/16/2007

WARNING - A vulnerability has been found in multiple versions of the Adobe Acrobat Reader Plugin, which allows users to view Portable Document Format (PDF) files via a web browser such as Internet Explorer or Firefox. The Adobe Acrobat Reader installs the plugin by default. Please note that only Adobe Acrobat Reader Plugin is vulnerable to this attack. This vulnerability can be exploited if an attacker can convince a user to click on a maliciously crafted link (URL) to open a PDF file. The vulnerability does not exist in the PDF document but in the parameters passed to the plugin. An attacker may be able to use this vulnerability to steal sensitive information from a user’s computer or force the user’s computer to visit arbitrary Web sites.

Adobe has released patches for the Adobe Acrobat Reader 7.0.8 and earlier. See references for patch download locations and additional information. We continue to recommend users upgrade to Acrobat Reader 8.0.0 after appropriate testing. For users that do not want to upgrade to Acrobat 8.0.0 at this time, we recommend that the appropriate patch be installed after appropriate testing.