[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CSIRTUK ADVISORY - 3418 - Adobe - Vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat


CSIRTUK ADVISORY - 3418 dated 08.10.07 time 21:21

Centre for the Protection of National Infrastructure (CPNI)


 Further details about CPNI, including information about our products
can be
 found at www.cpni.gov.uk

 Please note that CSIRTUK RSS Feeds are available from:

Vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat

ID: 3418
Date: 08 October 2007 21:21

Title: 3418 - Vulnerability in versions 8.1 and earlier of Adobe Reader
and Acrobat
Abstract: Description of a workaround to resolve an Adobe critical
product vulnerability
Vendors affected:Adobe
Applications affected:Adobe Reader and Acrobat
Advisory type: Information
Availability of fix: Available
Type of fix: Work around
Source: Adobe
Reliability of source: Trusted
Source URL:

Security advisory 
Workaround available for vulnerability in versions 8.1 and earlier of
Adobe Reader and Acrobat
Release date: October 5, 2007

Vulnerability identifier: APSA07-04

CVE number: CVE-2007-5020

Platform: Windows XP (Vista users are not affected) with Internet
Explorer 7 installed

Affected Software VersionsAdobe Reader 8.1 and earlier versions
Adobe Acrobat Standard, Professional and Elements 8.1 and earlier
Adobe Acrobat 3D


Adobe is aware of a recently published report of a critical security
vulnerability in Adobe Reader and Acrobat. 


To protect Windows XP systems with Internet Explorer 7 installed from
this vulnerability, administrators can disable the mailto: option in
Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application
options in the Windows registry. Additionally, these changes can be
added to network deployments to Windows systems.

Disclaimer: This procedure involves editing the registry. Adobe doesn't
provide support for editing the registry, which contains critical system
and application information. Make sure to back up the registry before
modifying it. For more information about the registry, refer to Windows

Exit Adobe Reader or Acrobat. 
Open RegEdit. 
On Windows XP, go to Start > Run, type in regedit and click OK. 
Choose File > Export. 
Select Local Disk C for the Save in: location. 
Type backup for File Name. 
Choose All for the Export Range. 
Click Save. 
Navigate to the appropriate registry key: 


If tSchemePerms is set as follows:
To Disable mailto (recommended) 
Modify tSchemePerms by setting the mailto: value to 3:
To set mailto to prompt
Modify tSchemePerms by removing the mailto: value:
Close RegEdit. 
Restart the application. 

For users who are unable to implement the above workaround, the Secure
Software Engineering team is working with the Adobe Reader Engineering
team on an update to versions 8.1 of Adobe Reader and Acrobat that will
resolve this issue. A security bulletin will be published on
http://www.adobe.com/support/security as soon as that update is
available. We expect the update to be available before the end of
In the meantime, Adobe recommends that Acrobat and Reader customers use
caution when receiving unsolicited e-mail communications requesting user
action, such as opening attachments or clicking Web links. 

All documented security vulnerabilities and their solutions are
distributed through the Adobe security notification service. You can
sign up for the service at the following URL:

Severity RatingAdobe categorizes this as a critical issue and recommends
that users apply the workaround described above for their product

AcknowledgmentsAdobe would like to thank pdp of gnucitizen.org for
reporting this vulnerability and for working with Adobe to help protect
our customers' security.


CPNI values your feedback.

1. Which of the following most reflects the value of the advisory to
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__

2. If you did not find it useful, why not?

3. Any other comments? How could we improve our advisories?

Thank you for your contribution.


CSIRTUK wishes to acknowledge the contributions of Adobe for the
contained in this advisory.

This advisory contains information released by the original author. Some
of the
information may have changed since it was released. If the issue affects
it may be prudent to retrieve the advisory from the site of the original
source to ensure that you receive the most current information
concerning that

Reference to any specific commercial product, process, or service by
name, trademark manufacturer, or otherwise, does not constitute or imply
endorsement, recommendation, or favouring by CPNI. The views and
opinions of
authors expressed within this notice shall not be used for advertising
product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions
within this advisory. In particular, they shall not be liable for any
loss or
damage whatsoever, arising from or in connection with the usage of
contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams
and has contacts with other international Incident Response Teams (IRTs)
order to foster cooperation and coordination in incident prevention, to
rapid reaction to incidents, and to promote information sharing amongst
members and the community at large.

<End of CPNI Advisory>

The original of this email was scanned for viruses by the Government Secure Intranet Anti-Virus service supplied by Cable&Wireless in partnership with MessageLabs. (CCTM Certificate Number 2006/04/0007.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.