Attack code targets unpatched Adobe Reader flaw

A security researcher has published a proof-of-concept exploit for a known vulnerability in Adobe Reader. The researcher, known only as 'Cyanid-E', unveiled his creation in a posting to the Full Disclosure security mailing list on Tuesday.

The vulnerability has been confirmed on a fully patched Windows XP system running Adobe's Acrobat Reader 8.1 and Internet Explorer 7. Details about the vulnerability were published in late September on the GNU Citizen blog.

View: the full story
News source: vnunet

Report a problem with article
Previous Story

Skype in MySpace hook-up

Next Story

AMD Preps Integrated DirectX 10 Platform for Early 2008


Are they going to fix this or not? The "workaround" is a complicated RegEdit procedure that your average mom and pop aren't going to do.

adobe sux
why is adobe reader like 20mb and foxit is like 2 yet they do the exact same thing
i bet foxit could patch any hole in their software in like a day


The information in the Adobe "workaround" article is incorrect if you are using Windows XP, IE7 and Acrobat Reader 7 as the URL mentioned in the article does not exist for that version of AR.

The correct URL for AR7 is:


Modify the relevant item in this key (from 0x32 to 0x33) to disable the mailto: functionality.

Kind Regards


Commenting is disabled on this article.