Description
Critical vulnerabilities were found in Adobe Reader and Acrobat running on Windows XP or Windows 2003 with Internet Explorer 7 installed. Internet Explorer 7 updates a Windows component, which modifies the interaction between Internet Explorer and the Windows Shell when handling URLs and URIs. Applications that pass unvalidated URIs or URLs to Windows can be leveraged to exploit this vulnerability. An attacker can take control of the affected system by exploiting these vulnerabilities.
Product affected
Adobe Reader 8.1 and earlier
Adobe Reader 7.0.9 and earlier
Adobe Acrobat Professional, 3D and Standard 8.1 and earlier
Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier
Solution
Apply patches according to affected software versions:
Adobe Reader 8.1.1
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Acrobat 8.1.1
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
For Adobe Reader 7.0.9 and Acrobat 7.0.9 installations that cannot be upgraded to version 8.1.1, administrators may consider disabling the mailto: option in Acrobat, Acrobat 3D and Adobe Reader by modifying the application options in the Windows registry.
Source
Adobe
Suggested Solutions
Patch Management System: Shavlik's HFNetChkPro, Lumension PatchLink Update, Altiris Client Management Suite