
CSIRTUK ADVISORY - 3418 - Adobe - Vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat



________________________________________________________________________


CSIRTUK ADVISORY - 3418 dated 08.10.07 time 21:21

Centre for the Protection of National Infrastructure (CPNI)

________________________________________________________________________

 Further details about CPNI, including information about our products
 can be found at www.cpni.gov.uk

 Please note that CSIRTUK RSS Feeds are available from:
 http://www.cpni.gov.uk/rss/advisories.xml
________________________________________________________________________

Title
=====
Vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat

Detail
======
ID: 3418
Date: 08 October 2007 21:21

------------------------------------------------------------------------
Title: 3418 - Vulnerability in versions 8.1 and earlier of Adobe Reader
and Acrobat
Abstract: Description of a workaround to resolve an Adobe critical
product vulnerability
Vendors affected: Adobe
Applications affected: Adobe Reader and Acrobat
Advisory type: Information
Availability of fix: Available
Type of fix: Work around
Source: Adobe
Reliability of source: Trusted
Source URL:
http://www.adobe.com/support/security/advisories/apsa07-04.html

Security advisory 
Workaround available for vulnerability in versions 8.1 and earlier of
Adobe Reader and Acrobat
Release date: October 5, 2007

Vulnerability identifier: APSA07-04

CVE number: CVE-2007-5020

Platform: Windows XP (Vista users are not affected) with Internet
Explorer 7 installed

Affected Software Versions

Adobe Reader 8.1 and earlier versions
Adobe Acrobat Standard, Professional and Elements 8.1 and earlier
versions
Adobe Acrobat 3D

Summary

Adobe is aware of a recently published report of a critical security
vulnerability in Adobe Reader and Acrobat. 

Solution

To protect Windows XP systems with Internet Explorer 7 installed from
this vulnerability, administrators can disable the mailto: option in
Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application
options in the Windows registry. Additionally, these changes can be
added to network deployments to Windows systems.

Disclaimer: This procedure involves editing the registry. Adobe doesn't
provide support for editing the registry, which contains critical system
and application information. Make sure to back up the registry before
modifying it. For more information about the registry, refer to Windows
Help.

Exit Adobe Reader or Acrobat. 
Open RegEdit. 
On Windows XP, go to Start > Run, type in regedit and click OK. 
Choose File > Export. 
Select Local Disk C for the Save in: location. 
Type backup for File Name. 
Choose All for the Export Range. 
Click Save. 
Navigate to the appropriate registry key: 

Acrobat:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms

Reader:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms

If tSchemePerms is set as follows:

version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:2

To disable mailto (recommended), modify tSchemePerms by setting the
mailto: value to 3:

version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2

To set mailto to prompt, modify tSchemePerms by removing the mailto:
value:

version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|file:2

Close RegEdit. 
Restart the application. 
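
The tSchemePerms edit above, written as string handling so that values
collected from many machines can be checked and rewritten consistently.
This is an added example, not code from Adobe or CPNI. The function names
are hypothetical, reading and writing the registry is left out, and
appending mailto:3 when no mailto entry exists is an assumption.

```python
# Added example (not from the advisory): audit and rewrite tSchemePerms.
# Default value as quoted in the advisory, with the e-mail line wraps rejoined.
ADVISORY_DEFAULT = (
    "version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|"
    "help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:2"
)

def parse_perms(value):
    """Split 'scheme:perm|scheme:perm|...' into an ordered list of pairs."""
    entries = []
    # filter(None, ...) tolerates a trailing or doubled '|'
    for item in filter(None, value.strip().split("|")):
        scheme, sep, perm = item.partition(":")
        if not (scheme and sep and perm):
            raise ValueError(f"malformed tSchemePerms entry: {item!r}")
        entries.append((scheme, perm))
    return entries

def format_perms(entries):
    return "|".join(f"{scheme}:{perm}" for scheme, perm in entries)

def mailto_state(value):
    """'disabled' (mailto:3), 'prompt' (no mailto entry) or 'unmitigated'."""
    perms = [p for s, p in parse_perms(value) if s.lower() == "mailto"]
    if not perms:
        return "prompt"
    return "disabled" if all(p == "3" for p in perms) else "unmitigated"

def disable_mailto(value):
    """Recommended workaround: mailto set to 3, other entries and order kept."""
    out, seen = [], False
    for scheme, perm in parse_perms(value):
        if scheme.lower() != "mailto":
            out.append((scheme, perm))
        elif not seen:  # keep a single mailto entry in its original position
            out.append((scheme, "3"))
            seen = True
    if not seen:
        out.append(("mailto", "3"))  # assumption: entry order is not significant
    return format_perms(out)

def prompt_mailto(value):
    """Alternative workaround: remove mailto so the application prompts."""
    return format_perms([(s, p) for s, p in parse_perms(value) if s.lower() != "mailto"])

if __name__ == "__main__":
    for fix in (disable_mailto, prompt_mailto):
        new = fix(ADVISORY_DEFAULT)
        print(fix.__name__, mailto_state(new), new)
```
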


For users who are unable to implement the above workaround, the Secure
Software Engineering team is working with the Adobe Reader Engineering
team on an update to versions 8.1 of Adobe Reader and Acrobat that will
resolve this issue. A security bulletin will be published on
http://www.adobe.com/support/security as soon as that update is
available. We expect the update to be available before the end of
October.
In the meantime, Adobe recommends that Acrobat and Reader customers use
caution when receiving unsolicited e-mail communications requesting user
action, such as opening attachments or clicking Web links. 

All documented security vulnerabilities and their solutions are
distributed through the Adobe security notification service. You can
sign up for the service at the following URL:
http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert.

Severity Rating

Adobe categorizes this as a critical issue and recommends that users
apply the workaround described above for their product installations.

Acknowledgments

Adobe would like to thank pdp of gnucitizen.org for reporting this
vulnerability and for working with Adobe to help protect our customers'
security.

________________________________________________________________________

CSIRTUK wishes to acknowledge the contributions of Adobe for the
information contained in this advisory.
________________________________________________________________________

This advisory contains information released by the original author. Some
of the information may have changed since it was released. If the issue
affects you, it may be prudent to retrieve the advisory from the site of
the original source to ensure that you receive the most current
information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark, manufacturer, or otherwise, does not constitute
or imply its endorsement, recommendation, or favouring by CPNI. The
views and opinions of authors expressed within this notice shall not be
used for advertising or product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions
contained within this advisory. In particular, they shall not be liable
for any loss or damage whatsoever, arising from or in connection with
the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
________________________________________________________________________

<End of CPNI Advisory>

