PDF vulnerability being exploited
Back on 20 September SANS reported on an alleged vulnerability affecting Adobe Acrobat and Reader, a vulnerability that was confirmed while I was away, on 9 October 2007 (https://isc.sans.org/diary.html?storyid=3477).
SANS now reports that the vulnerability is being actively exploited, disabling the native Windows firewall, downloading a file via FTP and then executing it.
We don't use Adobe Reader here at the office, and maintain only a single copy of Acrobat for the occasional PDF that doesn't work with our chosen Adobe replacement, NitroPDF. I am assuming that Nitro is not affected by the vulnerability, but of course nothing is certain in this day and age. I'll check into that, and update this blog entry with any information that we receive.The vulnerability in Acrobat and Adobe Reader has been patched. Affected users are those running Windows XP, Windows Server 2003 and IE7, and Adobe Acrobat or Reader versions 8.1 and 7.0.9. 6.x is not affected by this particular vulnerability.
The Acrobat patch is available here
The Reader patch is available here