Original release date: October 24, 2007
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products:
Adobe Reader 8.1 and earlier
Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
Adobe Reader 7.0.9 and earlier
Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier
Overview
Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 contain a vulnerability that could allow an attacker to take control of your computer by convincing you to open a malicious PDF document. Public reports indicate that this vulnerability is being actively exploited.
Solution
Apply an update
Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. Please see Adobe Security Bulletin APSB07-18 for details.
Description
Microsoft Windows XP and Server 2003 systems with Internet Explorer 7 installed contain a vulnerability in the way Windows determines the appropriate program to handle data specified in a Uniform Resource Identifier (URI). An attacker can exploit this vulnerability by convincing you to open a specially crafted PDF document. The attacker could gain access your computer, install and run malicious software on your computer, or cause it to crash.
More technical information is available in US-CERT Technical Cyber Security Alert TA07-297A and Vulnerability Note VU#403150.
