In association with heise online

29 November 2006, 14:02

ActiveX control in Adobe Acrobat and Reader enables system takeover

An ActiveX module in Adobe Acrobat and Adobe Reader contains several security holes that attackers can use to gain control over vulnerable computers by using a doctored .PDF to trick users into accessing specially crafted web pages. The software vendor has only just addressed these problems. According to Adobe, these holes only affect Internet Explorer users with Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform.

Acrobat 8 is not affected by this issue and neither is the upcoming new release of Adobe Reader.

FrSIRT, a security services vendor, discovered the holes in the AcroPDF.dll ActiveX module. Improperly formatted arguments for the src(), setPageMode(), setLayoutMode(), setNamedDest() and LoadFile() functions can lead to memory corruption and thereby the execution of smuggled programs.

Adobe reacted to the FrSIRT security advisory with a bug report of its own. In it, the company suggests completely deleting the affected ActiveX components for now. To do so, administrators should close Internet Explorer and Adobe Acrobat or Adobe Reader and then delete the <drive>:\<program path>\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll file. FrSIRT reports that it is sufficient to set the killbit for the module with the ClassID {CA8A9780-280D-11CF-A24D-444553540000} in the registry.
