Last month, a security analyst claimed to have discovered a flaw in Adobe Reader 8.1 that allowed attackers to take over a Windows system. The flaw could be exploited by nothing more than a maliciously crafted PDF file, the researcher said.
Adobe has now confirmed the existence of the flaw in a security advisory. The flaw affects Adobe Reader 8.1 and earlier; Adobe Acrobat Sandard, Professional, and Elements 8.1 and earlier; and Adobe Acrobat 3D on systems running Windows XP. In the advisory, Adobe details a workaround to disable the exploit until a fix comes along. The workaround involves editing the Windows registry and disabling the mailto: option in the aforementioned programs. According to Adobe, a proper patch should become available "before the end of October."