In association with heise online

23 October 2007, 13:30

Adobe and Netscape patch URI vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

As previously announced, Adobe has released version 8.1.1 of Adobe Reader and Acrobat, in which the handling of URIs and URLs in PDF documents has been revised. Before this release, applications installed on a system could be launched by means of arbitrary parameters when manipulated documents were opened. Attackers may thereby gain control of a computer when a victim opens a PDF file saved on a Web server or sent by e-mail. For the attack to succeed, users do not even need to click on link in the document, which launches the URL itself when loaded because the PDF uses ActionScript.

Updates for Adobe Reader 7.0.9 and Acrobat 7.0.9 are expected to be released later. Adobe recommends that users who cannot switch to version 8.8.1 disable the handling of the mailto URI in the Windows registry. Users can find instructions for this process in Adobe's security advisory. The problem is not, however, limited to mailto URIs; indeed, a URL of the form http:%xx../../../../../../../../../windows/system32/calc.exe".cmd can launch the Windows calculator.

AOL has also reacted, and released version of the Netscape Web browser to patch the URI vulnerability in addition to a number of other flaws. The Netscape browser thus now provides the same security as the current version of Firefox

Of the applications known to be vulnerable, only the Miranda Instant Messenger is still affected. However, the update planned for November's Patch Tuesday for Windows is expected to at least reduce the severity of the problem for Miranda and other applications.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit