CPNI - Centre for the Protection of National Infrastructure

October 2007

3443 - Adobe Updates for Microsoft Windows URI Vulnerability

ID: 3443
Date: 25/10/2007

Title: 3443 - Adobe Updates for Microsoft Windows URI Vulnerability
Platform level affected: Net Application - Client
Hardware components affected: Intel PC
Specific operating systems components affected: 32-bit Windows
Net-enabled software: Enterprise Application
Other software: Other
Remediation Summary: Update your copy of the software with the download available from the supplier.
Vendors affected: Adobe
Applications affected: Internet Explorer 7, Adobe Reader, Acrobat Professional
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Imminent
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Source: US-CERT
Reliability of source: Trusted
Source URL: http://www.us-cert.gov/cas/techalerts/TA07-297B.html
Abstract: Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.


 National Cyber Alert System
   Technical Cyber Security Alert TA07-297B


Adobe Updates for Microsoft Windows URI Vulnerability

   Original release date: October 24, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

   Microsoft Windows XP and Windows Server 2003 systems with Internet
   Explorer 7 and any of the following Adobe products:
     * Adobe Reader 8.1 and earlier
     * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
     * Adobe Reader 7.0.9 and earlier
     * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and
       earlier

Overview

   Adobe has released updates for the Adobe Reader and Adobe Acrobat
   product families. The update addresses a URI handling vulnerability in
   Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.

I. Description

   Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server
   2003 changes the way Windows handles Uniform Resource Identifiers
   (URIs). This change has introduced a flaw that can cause Windows to
   incorrectly determine the appropriate handler for the protocol
   specified in a URI. By creating a specially crafted URI in a PDF
   document, an attacker can execute arbitrary commands on a vulnerable
   system. More information about this vulnerability is available in
   US-CERT Vulnerability Note VU#403150.

   Public reports indicate that this vulnerability is being actively
   exploited with malicious PDF files. Adobe has released Adobe Reader
   8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.

II. Impact

   By convincing a user to open a specially crafted PDF file, a remote,
   unauthenticated attacker may be able to execute arbitrary commands.

III. Solution

Apply an update

   Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to
   address this issue. These Adobe products handle URIs in a way that
   mitigates the vulnerability in Microsoft Windows.

Disable the mailto: URI in Adobe Reader and Adobe Acrobat

   If you are unable to install an updated version of the software, this
   vulnerability can be mitigated by disabling the mailto: URI handler in
   Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin
   APSB07-18 for details.
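
   To decide which machines need the update or the mailto: mitigation, the
   platform and version conditions above can be applied to a software
   inventory. The following is an added example, not part of the US-CERT or
   CPNI text; the CSV column names, host names and status labels are
   assumptions, and versions above 8.1.1 are assumed to carry the fix.

```python
import csv
import io

# Constructed sample inventory (not real hosts); column names are assumptions.
SAMPLE_INVENTORY = """host,os,ie_major,product,version
ws-001,Windows XP,7,Adobe Reader,8.1
ws-002,Windows XP,6,Adobe Reader,8.1
ws-003,Windows Server 2003,7,Adobe Acrobat Professional,7.0.9
ws-004,Windows XP,7,Adobe Reader,8.1.1
ws-005,Windows Vista,7,Adobe Reader,8.0
ws-006,Windows XP,7,Adobe Acrobat Standard,7.1.0
"""

AFFECTED_OS = ("windows xp", "windows server 2003")


def parse_version(text):
    """Turn '8.1' into (8, 1, 0) so versions compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def adobe_status(version):
    """Classify an Adobe Reader/Acrobat version against the advisory's lists."""
    v = parse_version(version)
    if v >= (8, 1, 1):
        return "updated"          # 8.1.1 is the release that mitigates the issue
    if v >= (8, 0, 0) or v <= (7, 0, 9):
        return "affected"         # "8.1 and earlier" / "7.0.9 and earlier"
    return "not-listed"           # a 7.x build above 7.0.9: check the vendor bulletin


def triage(inventory_csv):
    """Return {host: status}; assumes one inventory row per host."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        os_ok = row["os"].strip().lower().startswith(AFFECTED_OS)
        ie7 = row["ie_major"].strip() == "7"
        status = adobe_status(row["version"])
        if not (os_ok and ie7):
            status = "platform-not-affected"  # outside "Systems Affected"
        results[row["host"]] = status
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```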


Appendix A. Vendor Information

Adobe

   For information about updating affected Adobe products, see Adobe
   Security Bulletin APSB07-18.

Appendix B. References

    * Adobe Security Bulletin APSB07-18 -
      <http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
    
    * Microsoft Security Advisory (943521) -
      <http://www.microsoft.com/technet/security/advisory/943521.mspx>
    
    * US-CERT Vulnerability Note VU#403150 -
      <http://www.kb.cert.org/vuls/id/403150>

 _________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
 _________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA07-297B Feedback VU#403150" in the
   subject.
 _________________________________________________________________
   

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 _________________________________________________________________

Revision History

   October 24, 2007: Initial release


 

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Thu, 25 Oct 2007 00:00:00 GMT
Domain affected: Technical