Adobe Reader and Acrobat Vulnerabilities Creates a Hole in IE

Adobe released a security advisory about vulnerabilities found in its Adobe Reader and Acrobat softwares. The vulnerable versions are Adobe Reader 7.0.0-7.0.8 and Adobe Standard and Professional 7.0.0-7.0.8 on a Windows platform while using Internet Explorer.


By tricking potential victims into browsing a specially crafted web page, successful exploitation of the said vulnerabilities could allow remote code execution on affected users machine. There are no security patch available as of the moment but a workaround is provided by Adobe. Users are to delete the “AcroPDF.dll” in the Adobe installation directory or another way is to set the kill bit for the CLSID [CA8A9780-280D-11CF-A24D-444553540000]. (Using another browser can also be an option, as other browsers are not affected. However, the best way still is to delete the vulnerable DLL.)


More information can be found in the following links: