Adobe Acrobat & Reader Mailto Vulnerability Exploited
A vulnerability in the mailto handling of Adobe Acrobat and Adobe Reader for Windows allows remote attackers to execute arbitrary code via a specially crafted PDF file.
Due to the wide-spread use of PDFs, the possibility exists for numerous systems to be exploited and for existing threats such as Storm Worm to exploit this vulnerability in the near future.
Users running Windows XP with Internet Explorer 7 installed. (Vista is not affected)
- Adobe Reader 8.1 and earlier,
- Adobe Reader 7.0.9 and earlier
- Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions
- Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier
The Information Technology Security Office (UISO) has not seen active exploitation of this vulnerability on any university systems, but is aware that the vulnerability is currently being exploited on the Internet at large.
Apply updates from Adobe.