Wednesday, November 29, 2006

Adobe ActiveX Control Remote Code Execution Vulnerability

It would appear that a new remote code execution vulnerability has been discovered today for Adobe Reader and Acrobat ActiveX.

It currently affects the following products:

Adobe Reader versions 7.0.0 through 7.0.8
Adobe Acrobat Standard versions 7.0.0 through 7.0.8
Adobe Acrobat Professional versions 7.0.0 through 7.0.8

The Adobe security team is looking into the issue, and there is currently no patch.

Setting a kill bit for the CLSID {CA8A9780-280D-11CF-A24D-444553540000} or deleting "AcroPDF.dll" will fix the issue for now, however.
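One way to apply and verify the kill bit mentioned above, as an added example that is not from the original post or from Adobe. It assumes the standard Internet Explorer kill-bit mechanism (the "Compatibility Flags" value 0x400 under the "ActiveX Compatibility" key), which the post does not spell out, and an elevated PowerShell prompt; the function name is hypothetical.

```powershell
# Added example: set and verify the IE kill bit for the CLSID named in the post.
$Clsid   = '{CA8A9780-280D-11CF-A24D-444553540000}'   # CLSID from the post
$KillBit = 0x400                                       # kill-bit flag value
$Name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

# Hypothetical helper: creates the CLSID key if needed, ORs in the kill bit,
# and returns the flags read back from the registry.
function Set-KillBit {
    param([string]$Root)

    $key = "$Root\$Clsid"
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any compatibility flags already set on this control.
    $existing = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
    $updated  = [int]$existing -bor $KillBit

    New-ItemProperty -Path $key -Name $Name -PropertyType DWord -Value $updated -Force | Out-Null

    # Read back so the report reflects what is actually stored.
    return (Get-ItemProperty -Path $key -Name $Name).$Name
}

foreach ($root in $Roots) {
    $flags = Set-KillBit -Root $root
    $state = if (($flags -band $KillBit) -eq $KillBit) { 'kill bit SET' } else { 'kill bit NOT set' }
    '{0}\{1}: flags=0x{2:X8} ({3})' -f $root, $Clsid, $flags, $state
}
```

Internet Explorer must be restarted for the change to take effect, and removing the 0x400 bit from the same value reverses it once a patch is installed.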

Adobe - http://www.adobe.com/support/security/advisories/apsa06-02.html
FrSIRT - http://www.frsirt.com/english/advisories/2006/4751
