Adobe PDF exploits continue after patch

Posted by Mark Raby

San Jose (CA) - Just hours after Adobe fixed a vulnerability in its PDF viewing applications, users became warned of a continuing security threat.

Adobe Acrobat and Adobe Reader became hot programs for spammers after a glitch was discovered to exploit the program's "mailto" command.  Hackers used this in connection with a malicious PDF code to send out bulk e-mails with dangerous PDF attachments.

The documents, if opened, could seize someone's computer and immediately implant malware on it.  After Adobe said it updated the programs on Monday, Symantec sent out advisory warnings saying vulnerabilities still existed.

According to the bulletin, though, the flaw is also in part due to Microsoft's Internet Explorer, which allows the hack to bypass security protocols.  Users with IE 7 on Windows XP or Windows Server 2003 are vulnerable.

Symantec says that users should "apply the patches outlined in Adobe Advisory APSB07-18 as soon as possible."