Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Confirms Unpatched PDF Backdoor

Posted by CmdrTaco on from the machines-wide-open dept.

50Mat writes "Adobe has fessed up to a dangerous code execution vulnerability affecting software programs installed on millions of Windows machines. The flaw, publicly disclosed more than three weeks ago, could allow hackers to use rigged PDF files to take control of Window XP computers with Internet Explorer 7 installed. It affects Adobe Reader, Adobe Acrobat Standard, Professional and Elements and Adobe Acrobat 3D."

2 of 170 comments (clear)

  1. Re:If it's only a problem on XP by JoelKatz · · Score: 5, Insightful

    From what I understand, and there isn't much in the way of technical details available, this is not an IE flaw. IE, correctly, doesn't assume that a URI is invalid just because it looks odd. This is correct, because there is no way IE can know if an URI for another protocol is valid or invalid. It is the responsibility of the target program to sanitize its input, knowing full well that it comes from an untrusted source.

  2. Re:What About Foxit? by msuarezalvarez · · Score: 4, Insightful

    I'm wondering who I should report it to? HP or foxit?

    To Microsoft. If a PDF reader can crash the OS, it's their bug.