
SANS ISC: Adobe mailto vulnerability SANS ISC InfoSec Forums

Adobe mailto vulnerability

On October 5th, Adobe confirmed the vulnerability we reported on September 20th.

There is no patch available yet, but there is a workaround, and some details about the vulnerability are slowly being made public as well. So applying the workaround might be very wise:

[quoting Adobe]
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms

If tSchemePerms is set as follows:

To disable mailto, modify tSchemePerms by setting the mailto: value to 3.

While you are at it, sign up for the Adobe vulnerability alerts.

Swa Frantzen -- NET2S
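
An added example (not Adobe's or the ISC's own code) that audits the two policy keys quoted above and, when `$Apply` is set, rewrites only the `mailto:` entry of `tSchemePerms` to 3. It assumes `tSchemePerms` is a string of pipe-separated `scheme:value` pairs; the `Set-SchemePerm` helper, the `$Apply` switch and the sample value are constructed for illustration.

```powershell
# Added example. Assumption: tSchemePerms is a REG_SZ of pipe-separated
# scheme:value pairs; confirm the format on your own systems first.
$Apply = $false   # set to $true to write the change; the default only reports

function Set-SchemePerm {
    param([string]$Perms, [string]$Scheme = 'mailto', [int]$Value = 3)
    $found = $false
    $out = New-Object System.Collections.Generic.List[string]
    foreach ($entry in ($Perms -split '\|')) {
        if (-not $entry) { continue }              # skip empty fragments
        if ($entry -like "${Scheme}:*") {          # replace the existing entry
            $entry = "${Scheme}:$Value"
            $found = $true
        }
        $out.Add($entry)
    }
    if (-not $found) { $out.Add("${Scheme}:$Value") }   # append if it was missing
    return ($out -join '|')
}

# Constructed sample value, used only to show the rewrite without touching the registry.
$sample = 'http:2|mailto:2|file:2'
Write-Output ("sample: {0} -> {1}" -f $sample, (Set-SchemePerm -Perms $sample))

# The two keys named in the workaround (Acrobat 8.0 and Reader 8.0).
$keys = @(
    'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms',
    'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms'
)

foreach ($key in $keys) {
    $prop = Get-ItemProperty -Path $key -Name tSchemePerms -ErrorAction SilentlyContinue
    if (-not $prop) { Write-Output "tSchemePerms not present: $key"; continue }
    $current = [string]$prop.tSchemePerms
    $updated = Set-SchemePerm -Perms $current
    if ($updated -ceq $current) { Write-Output "mailto already 3: $key"; continue }
    Write-Output "change needed: $key"
    Write-Output "  current: $current"
    Write-Output "  updated: $updated"
    if ($Apply) { Set-ItemProperty -Path $key -Name tSchemePerms -Value $updated }
}
```

Keys that have no `tSchemePerms` value are reported and left alone, because the page does not give the default string to create.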


