PDF Security Vulnerability
25 October 2007
Who: Campus Community
What: PDF Security Vulnerability
Background: A vulnerability in the mailto handling of Adobe Acrobat and Adobe Reader for Windows allows remote attackers to execute arbitrary code via a specially crafted PDF file.
Impact: Due to the widespread use of PDFs, the possibility exists for numerous systems to be exploited and for existing threats such as Storm Worm to exploit this vulnerability in the near future.
Platforms Affected: Users running Windows XP with Internet Explorer 7 installed (Vista is not affected)
- Adobe Reader 8.1 and earlier
- Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions
- Adobe Acrobat Professional, Elements 7.0.9 and earlier
Local Observations: The Information Technology Services (ITS) Security group has not seen active exploitation of this vulnerability on university systems, but is aware that the vulnerability is currently being exploited on the Internet at large.
Recommendations: Apply updates from Adobe. Open the Adobe Acrobat product and look for the update option under the Help drop-down menu, or install a new version of the product and apply the updates:
Workarounds: Uninstall affected products and restart Windows
Further Reading:
If you have questions, please contact 6-TECH at (336) 256-TECH (8324).

