The big news this week in PDF is being made by several security vulnerabilities affecting Acrobat and Adobe Reader that could be used to hijack a user's system. Planet PDF talks about the nature of the vulnerabilities and their current status.
First discovered in late September by the French Security Incident Response Team (FrSIRT), the bugs affect Adobe Reader and Acrobat Standard and Professional versions 7.0.0 through 7.0.8. According to FrSIRT's security advisory, attackers could exploit them to completely take over an affected system. Specifically, the flaws are caused by memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll), which does not properly handle malformed arguments passed to the "setPageMode()", "setLayoutMode()", "setNamedDest()", and "LoadFile()" methods. This allows remote attackers to execute arbitrary commands by tricking users into visiting specially-crafted Web pages using Internet Explorer.
Both Adobe and FrSIRT have listed the error as "critical", while Secunia's advisory is more optimistic, presumably because Adobe has already provided a workaround fix. According to Adobe's own advisory:
The upcoming version of Adobe Reader, which will not be vulnerable to this issue, is also expected to be available in the near future. Acrobat 8 is not affected by this issue. The vulnerability is in an ActiveX control used by Internet Explorer; users of other browsers are not affected. The following workaround will prevent these vulnerabilities from occurring in Adobe Reader 7.0.X on Windows using Internet Explorer:
1. Exit Internet Explorer and Adobe Reader.
2. Browse to <volume>:\Program Files\Adobe\Acrobat 7.0\ActiveX.
   Note: If you did not install Acrobat to the default location, browse to the location of your Acrobat 7.0 folder.
3. Select AcroPDF.dll and delete it.
NOTE: This workaround will prevent PDF documents from opening within an Internet Explorer window. After applying this workaround, clicking on PDF files within Internet Explorer will either open them in a separate instance of Adobe Reader or prompt the user to download the file, which can then be opened in Adobe Reader. This workaround may disrupt some enterprise workflows and use of PDF forms.
To plug the hole without deleting the entire .dll file, FrSIRT claims that it is sufficient to merely set a "kill bit" for the CLSID {CA8A9780-280D-11CF-A24D-444553540000}. In any case, a bulletin will be posted when Adobe's formal "bugfix" patch becomes available.
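As an added example (not code from Planet PDF, Adobe or FrSIRT), the following PowerShell script applies the kill-bit mitigation for the AcroPDF control and then reports whether either workaround from the article is in place. It assumes the Microsoft-documented kill-bit location (the "ActiveX Compatibility" registry key with "Compatibility Flags" set to 0x400) and the default Acrobat 7.0 install path quoted in Adobe's advisory; run it from an elevated session.

```powershell
# Added example, not from the article: set and verify the IE kill bit for AcroPDF.dll.
# Assumption: kill bits live under the ActiveX Compatibility key and 0x400 is the
# "Compatibility Flags" bit that stops Internet Explorer from instantiating a control.
$Clsid        = '{CA8A9780-280D-11CF-A24D-444553540000}'   # AcroPDF CLSID from the FrSIRT advisory
$KillBitKey   = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
$KillBitFlag  = 0x400
# Assumption: default install path from Adobe's advisory (adjust if Acrobat lives elsewhere).
$AcroPdfDll   = Join-Path ${env:ProgramFiles} 'Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll'

function Set-AcroPdfKillBit {
    # Create the per-CLSID key if it does not exist yet.
    if (-not (Test-Path $KillBitKey)) {
        New-Item -Path $KillBitKey -Force | Out-Null
    }
    # OR the kill bit into any flags already present rather than overwriting them.
    $existing = (Get-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $newFlags = [int]($existing -bor $KillBitFlag)
    Set-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' -Value $newFlags -Type DWord
}

function Test-AcroPdfMitigated {
    # Mitigated when the kill bit is set OR the DLL has been removed (Adobe's workaround).
    $flags = (Get-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    $killBitSet = (([int]$flags) -band $KillBitFlag) -eq $KillBitFlag
    $dllPresent = Test-Path $AcroPdfDll
    [pscustomobject]@{
        CLSID      = $Clsid
        KillBitSet = $killBitSet
        DllPresent = $dllPresent
        Mitigated  = ($killBitSet -or -not $dllPresent)
    }
}

Set-AcroPdfKillBit
Test-AcroPdfMitigated | Format-List
```

Unlike deleting the DLL, the kill bit leaves PDF handling in Adobe Reader itself untouched and only blocks Internet Explorer from loading the control; restart Internet Explorer for it to take effect.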