Wednesday, January 10th, 2007...8:28 am...by: Anthony

Another Adobe Acrobat Reader Vulnerability

Jump to Comments

According to Adobe’s Security Advisory site there is another error with the Adobe Acrobat Reader program.

For those of you that do not know, when you visit a web site and click on a PDF file link to open it, this is the program that opens that PDF file right in your web browser.

The error is in the actual program itself, which lives on your computer. There is a flaw in the code that leaves you open to possible attack and it is to that fact that Adobe is alerting everyone.

Additionally, this newest error (which is different from the Acrobat error announced last week) has been give Adobe’s highest rating of “critical”. According to Adobe, this is the definition of a critical error:

A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.

They are recommending that you upgrade to the latest version of Adobe Acrobat Reader

OR (not recommended by Adobe ;))

Switch to Brava! PDF reader. This is the one that I use for several reasons and now I have one more reason ;).

If you are a webmaster and want to protect visitors to your website who may click-to-open PDF files that you are publishing, there are some things you can do also.

For IIS 6.0 servers:

  1. Open the Internet Information Services Manager.
  2. Locate the folder containing PDFs under your Web site.
  3. Right-click the folder and select Properties.
  4. Select the HTTP Headers tab.
  5. Click the MIME Types… button.
  6. Click the New… button to create a new MIME type.
  7. Enter pdf for the Extension and application/octect-stream for MIME type.
  8. Click ok.
  9. Click ok.
  10. Click ok to apply the changes.

For Apache 2.2.3 Servers
Use mod_mime and AddType or mod_rewrite

  1. Open httpd.conf
  2. Locate the section
  3. Insert AddType applaction/octect-stream .pdf
  4. Close and Save httpd.conf
  5. Restart the Apache Service

If you are not comfortable with the above steps, do not attempt them. Alternatively, if you are with a managed host provider, contact them and see if they have taken these steps (probably they have not ;)).

Share and Enjoy:
  • Digg
  • del.icio.us
  • Google
  • Facebook
  • SphereIt
  • Reddit
  • Technorati
  • LinkedIn
  • Netvouz
  • description
  • ThisNext
  • MisterWong
  • Wists
  • BlogMemes
  • Furl
  • NewsVine
  • Slashdot
  • Spurl
  1. Adobe Acrobat Reader Vulnerability According to CNet, an error has been discovered the Adobe...
  2. Adobe Reads Our Blog Evidently, someone at Adobe reads our blog. Yesterday, I posted...
  3. Adobe Flash Player Clickjacking Vulnerability The recently reported clickjacking vulnerability affecting Adobe Flash Player could...
  4. New PDF Viewing Software Mmmmmm... we love free software. Actually, we love anything free,...
  5. Adobe PDF Flaw A hacker has discovered a flaw with Adobe PDF. If...

If you like what you read, please consider subscribing to our blog by RSS or by e-mail.
It would really help us out.



Here are a Few Related Posts

  1. Adobe Acrobat Reader Vulnerability According to CNet, an error has been discovered the Adobe...
  2. Adobe Reads Our Blog Evidently, someone at Adobe reads our blog. Yesterday, I posted...
  3. Adobe Flash Player Clickjacking Vulnerability The recently reported clickjacking vulnerability affecting Adobe Flash Player could...
  4. New PDF Viewing Software Mmmmmm... we love free software. Actually, we love anything free,...
  5. Adobe PDF Flaw A hacker has discovered a flaw with Adobe PDF. If...

1 Comment

Filed under Security

1 Comment

Leave a Reply