US-CERT Advises of Critical PDF Vulnerability

This is a technical observation that system administrators will find of particular interest. If you’re a sysadmin, or have a system administrator for your small business, they should be aware of this information at the earliest opportunity.

On Wednesday, October 24, 2007, US-CERT (the US Computer Emergency Readiness Team) issued a technical advisory for Windows XP, Windows Server 2003, and IE 7.0.

US-CERT advises that a vulnerability has been discovered whereby a *.PDF file can be engineered to exploit it and execute arbitrary commands on the target machine.

The exploit can be mitigated by upgrading to the latest versions of Adobe Acrobat and Viewer, as outlined in Adobe’s Security Bulletin of Oct 22, 2007.

US-CERT reports known incidents of compromise from engineered *.PDF files being circulated in email and downloaded as seemingly legitimate content from the web.

It’s recommended that the Adobe products be upgraded at the earliest opportunity.

R