Original URL: http://www.theregister.co.uk/2006/12/01/adobe_vuln/

PDFs open critical hole in Internet Explorer

Botnet surprise

By Christopher Williams

Posted in Security, 1st December 2006 11:18 GMT

A critical vulnerability has been identified in Adobe's Acrobat and Reader software which affects Internet Explorer users.

As well as causing crashes, the frailty could allow a botnet to take control of the whole computer when a PDF is opened within Explorer.

The hole is present in Acrobat Standard and Professional versions 7.0.0 to 7.0.8, and Adobe Reader 7.0.0 to 7.0.8. Only Microsoft's browser is vulnerable.

Adobe's programmers are working on a patch, which should be available on its support site soon. In the meantime, deleting AcroPDF.dll from the will prevent Explorer from opening PDFs in the browser window.

Adobe's advisory is here. ®