Adobe PDF bug jeopardizes desktop security

The Adobe PDF could be used to compromise a system running on Microsoft Windows XP, Adobe confirmed this week.

Remote code embedded in a PDF could be executed in Versions 8.1 and earlier of Adobe Reader, Adobe Acrobat or Acrobat Elements. Adobe Acrobat 3D is also vulnerable. All these programs must be used in conjunction with Internet Explorer 7 to trigger the exploitation.

According to the SANS Institute, which announced news of the vulnerability last month, the vulnerability stems from the failure of the software to properly handle Web addresses embedded in the document.

A malicious hacker could embed a PDF with a URL that could start other programs on the machine, or execute other operations.

Adobe has not yet issued a patch correcting the problem, but it has offered instructions on how to modify the Windows XP registry settings to correct the vulnerability.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected