US-CERT Technical Cyber Security Alert TA07-297B -- Adobe Updates for Microsoft Windows URI Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System
Technical Cyber Security Alert TA07-297B

Adobe Updates for Microsoft Windows URI Vulnerability

Original release date: October 24, 2007
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Windows XP and Windows Server 2003 systems with Internet
Explorer 7 and any of the following Adobe products:
* Adobe Reader 8.1 and earlier
* Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier
* Adobe Reader 7.0.9 and earlier
* Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and
earlier

Overview

Adobe has released updates for the Adobe Reader and Adobe Acrobat
product families. The update addresses a URI handling vulnerability in
Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.

I. Description

Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server
2003 changes the way Windows handles Uniform Resource Identifiers
(URIs). This change has introduced a flaw that can cause Windows to
incorrectly determine the appropriate handler for the protocol
specified in a URI. By creating a specially crafted URI in a PDF
document, an attacker can execute arbitrary commands on a vulnerable
system. More information about this vulnerability is available in
US-CERT Vulnerability Note VU#403150.

Public reports indicate that this vulnerability is being actively
exploited with malicious PDF files. Adobe has released Adobe Reader
8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.

II. Impact

By convincing a user to open a specially crafted PDF file, a remote,
unauthenticated attacker may be able to execute arbitrary commands.

III. Solution

Apply an update

Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to
address this issue. These Adobe products handle URIs in a way that
mitigates the vulnerability in Microsoft Windows.

Disable the mailto: URI in Adobe Reader and Adobe Acrobat

If you are unable to install an updated version of the software, this
vulnerability can be mitigated by disabling the mailto: URI handler in
Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin
APSB07-18 for details.

Appendix A. Vendor Information

Adobe

For information about updating affected Adobe products, see Adobe
Security Bulletin APSB07-18.

Appendix B. References

* Adobe Security Bulletin APSB07-18 -
<http://www.adobe.com/support/security/bulletins/apsb07-18.htm>

* Microsoft Security Advisory (943521) -
<http://www.microsoft.com/technet/security/advisory/943521.mspx>

* US-CERT Vulnerability Note VU#403150 -
<http://www.kb.cert.org/vuls/id/403150>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-297B Feedback VU#403150" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

October 24, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H
3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ
lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s
VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57
4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI
LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ==
=PgB9
-----END PGP SIGNATURE-----