
SANS ISC: InfoSec Handlers Diary Blog


Adobe mailto vulnerability

Published: 2007-10-09
Last Updated: 2007-10-10 17:16:37 UTC
by Swa Frantzen (Version: 2)

On October 5th, Adobe confirmed the vulnerability we reported on September 20th.

No patch is available yet, but there is a workaround for the latest versions, and some details about the vulnerability are slowly being made public as well. Applying the workaround might therefore be very wise:

[quoting Adobe]
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms

If tSchemePerms is set as follows:

To Disable mailto modify tSchemePerms by setting the mailto: value to 3

For older versions those hives will at the very least be wrong, so the best approach is to upgrade first, as Adobe itself gives no guidance for those versions.
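One way to audit and apply the workaround on the 8.0 keys quoted above (an added example, not code from Adobe or from the original diary). It assumes tSchemePerms is a pipe-separated list of scheme:value pairs, which the page does not show; the helper names, the `$Apply` switch and the sample string are constructed for illustration.

```powershell
# Assumption: tSchemePerms looks like "scheme:value|scheme:value|...".
$Apply = $false   # leave $false to report only; set $true to write the change

# Registry keys as quoted from Adobe in the diary (version 8.0 only).
$Keys = @(
    'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms',
    'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms'
)

# Return the value stored for one scheme, or $null if the scheme is not listed.
function Get-SchemePerm {
    param([string]$Perms, [string]$Scheme)
    foreach ($entry in ($Perms -split '\|')) {
        $name, $val = $entry -split ':', 2
        if ($name -ieq $Scheme) { return $val }
    }
    return $null
}

# Return a copy of the list with one scheme set to $Value (appended if missing).
function Set-SchemePerm {
    param([string]$Perms, [string]$Scheme, [int]$Value)
    $found = $false
    $parts = foreach ($entry in ($Perms -split '\|' | Where-Object { $_ })) {
        $name, $val = $entry -split ':', 2
        if ($name -ieq $Scheme) { $found = $true; "${name}:$Value" } else { $entry }
    }
    if (-not $found) { $parts = @($parts) + "${Scheme}:$Value" }
    return (@($parts) -join '|')
}

# Constructed sample, so the string handling can be checked on any machine.
Set-SchemePerm 'file:2|mailto:2' 'mailto' 3      # -> file:2|mailto:3

foreach ($key in $Keys) {
    if (-not (Test-Path $key)) { "absent:  $key"; continue }
    $current = (Get-ItemProperty -Path $key -Name tSchemePerms `
                -ErrorAction SilentlyContinue).tSchemePerms
    if ([string]::IsNullOrEmpty($current)) { "no tSchemePerms: $key"; continue }
    if ((Get-SchemePerm $current 'mailto') -eq '3') { "blocked: $key"; continue }

    # mailto is missing or not 3: rewrite only that entry, keep the rest as-is.
    $new = Set-SchemePerm $current 'mailto' 3
    "change:  $key"
    Set-ItemProperty -Path $key -Name tSchemePerms -Value $new -WhatIf:(-not $Apply)
}
```

Writing under HKEY_LOCAL_MACHINE requires an elevated session; with `$Apply` left at `$false` the script only reports what it would change.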

While at it, sign up for the Adobe vulnerability alerts.

Updated to clarify older versions.

Swa Frantzen -- NET2S

