Adobe Systems Inc. has confirmed that there's a critical bug in its most popular programs, but it doesn't yet have a patch that protects Windows XP users against attacks arriving as PDF files. In an advisory posted Friday, Adobe admitted that the flaw first disclosed by Petko Petkov, a U.K.-based security researcher, was real. The San Jose-based company also provided a multiple-step work-around in lieu of a permanent fix to its Adobe Acrobat software and its free Adobe Reader application.
Last month, Petkov claimed in a blog posting that he had found a critical vulnerability that could be leveraged using PDF files, Adobe's popular document format. "Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," Petkov said Sept. 21 "Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page [that] embeds one." At the time, Petkov declined to provide proof-of-concept code, telling users: "You have to take my word for it." He recommended steering clear of all PDFs until a fix was available.