CERT, Adobe Warn of Flaw in PDF File Readers

Advisory comes nearly a week after information on the problem was leaked on the Internet.

Nearly a week after information on the problem was leaked on the Internet, Adobe Systems Inc. and CERT on Wednesday put out statements warning of a vulnerability in several software packages used to read Adobe PDF files on Unix machines.

The flaw allows a remote attacker to execute code on a vulnerable machine with the privileges of the local user. This is possible because the flawed readers spawn external programs to handle hyperlinks contained within PDF documents. In order to exploit the vulnerability, an attacker could embed a hyperlink within a malicious PDF.

A number of readers/viewers are vulnerable, including Adobe Reader and versions from Red Hat Inc., Sun Microsystems Inc. and The Debian Project. Adobes newly released Reader 5.07 includes a patch that fixes this flaw. The vulnerability affects machines running Unix, AIX, Linux, Solaris or HP/UX; Windows and Macintosh machines are unaffected.

On Friday someone using the handle Hack4life posted to the Full Disclosure mailing list a copy of a message that the CERT Coordination Center sent to vendors warning them of the Adobe flaw. CERT officials said they dont know how the message was leaked.

Hack4life has become something of a nuisance for CERT. This marks the third time the individual has posted CERT documents to the Full Disclosure list.

The updated version of Adobe Reader is available here.