Security

Another Adobe Acrobat Reader Vulnerability

January 10, 2007

According to Adobe’s Security Advisory site there is another error with the Adobe Acrobat Reader program.

For those of you that do not know, when you visit a web site and click on a PDF file link to open it, this is the program that opens that PDF file right in your web browser.

The error is in the actual program itself, which lives on your computer. There is a flaw in the code that leaves you open to possible attack and it is to that fact that Adobe is alerting everyone.

Additionally, this newest error (which is different from the Acrobat error announced last week) has been give Adobe’s highest rating of “critical”. According to Adobe, this is the definition of a critical error:

A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.

They are recommending that you upgrade to the latest version of Adobe Acrobat Reader

OR (not recommended by Adobe ;))

Switch to Brava! PDF reader. This is the one that I use for several reasons and now I have one more reason ;).

If you are a webmaster and want to protect visitors to your website who may click-to-open PDF files that you are publishing, there are some things you can do also.

For IIS 6.0 servers:

  1. Open the Internet Information Services Manager.
  2. Locate the folder containing PDFs under your Web site.
  3. Right-click the folder and select Properties.
  4. Select the HTTP Headers tab.
  5. Click the MIME Types… button.
  6. Click the New… button to create a new MIME type.
  7. Enter pdf for the Extension and application/octect-stream for MIME type.
  8. Click ok.
  9. Click ok.
  10. Click ok to apply the changes.

For Apache 2.2.3 Servers
Use mod_mime and AddType or mod_rewrite

  1. Open httpd.conf
  2. Locate the section
  3. Insert AddType applaction/octect-stream .pdf
  4. Close and Save httpd.conf
  5. Restart the Apache Service

If you are not comfortable with the above steps, do not attempt them. Alternatively, if you are with a managed host provider, contact them and see if they have taken these steps (probably they have not ;)).

designer

CCT

Are You Ready?

When you are ready to get more specific information about your project, click here and fill out our handy online form for a free web design quote.

Get My Free Quote

you need a website?
we can help

    order a project

    arrow

    Recent Posts

    In Web Design

    Responsive Website Design Services in Morehead City NC

    Security

    Domain Name Services Scam - Kind of

    Jan 10, 2007

    According to Adobe’s Security Advisory site there is another error with the Adobe Acrobat Reader program. For those of you that do not know, whe...

    Captivating Website Design - Morehead City NC

    Security

    Web Design Basics

    Jan 10, 2007

    According to Adobe’s Security Advisory site there is another error with the Adobe Acrobat Reader program. For those of you that do not know, whe...

    Dynamic Web Design in Morehead City NC

    Security

    Three Common Web Design Mistakes

    Jan 10, 2007

    According to Adobe’s Security Advisory site there is another error with the Adobe Acrobat Reader program. For those of you that do not know, whe...

    arrow

    Go to our blog