Adobe has acknowledged that recent versions of Reader and Acrobat contain unpatched bugs that could allow attackers to take over Windows systems via Internet Explorer.
The bugs were discovered by security company FrSIRT and reported to Adobe a week ago, Adobe said in an advisory this week. Both FrSIRT and Adobe classified the bugs as "critical", since they could be exploited by simply luring an Internet Explorer user to a malicious website.
"These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system," Adobe said in an advisory.
The bugs affect Adobe Reader 7.0.0 to 7.0.8 and Adobe Acrobat, both Standard and Professional versions, 7.0.0 through 7.0.8 on Windows. More specifically, the bugs affect the AcroPDF ActiveX control, AcroPDF.dll, which runs in Internet Explorer. Explorer is the only browser to use ActiveX, meaning other browsers aren't affected. Acrobat 8 is also unaffected. Adobe's recommended workaround is to delete the AcroPDF.dll file, as outlined in its advisory.
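An administrator checking a Windows fleet against the affected range above would first want to know which version of the AcroPDF control is installed before applying the workaround. The script below is an added example, not part of the article or of Adobe's advisory: it reads the file version of AcroPDF.dll, reports whether it falls in the 7.0.0 to 7.0.8 range the article names, and only removes the file when explicitly asked to. The installation paths it searches are assumptions for illustration, not paths given by the article.

```powershell
# Added example (not from the article or Adobe): report whether the AcroPDF
# ActiveX control on this machine is in the affected 7.0.0-7.0.8 range and,
# only when -Remove is passed, apply Adobe's workaround of deleting the file.
param(
    [switch]$Remove   # without this switch the script only reports
)

$affectedMin = [version]'7.0.0'
$affectedMax = [version]'7.0.8'

# Assumed default locations of the control for Acrobat and Reader 7.x;
# adjust for your own installations.
$candidates = @(
    (Join-Path ${env:ProgramFiles} 'Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll'),
    (Join-Path ${env:ProgramFiles} 'Adobe\Acrobat 7.0\Reader\ActiveX\AcroPDF.dll')
)

foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Prefer the file version; fall back to the product version if empty.
    $info = (Get-Item -LiteralPath $path).VersionInfo
    $raw  = @($info.FileVersion, $info.ProductVersion) |
            Where-Object { $_ } | Select-Object -First 1

    # Normalise to exactly three components (major.minor.patch) so that a
    # four-part build number such as 7.0.8.<build> still compares as 7.0.8
    # against the three-part range boundaries.
    $parts = ([regex]::Match($raw, '\d+(\.\d+)*').Value -split '\.') + @('0', '0', '0')
    $ver   = [version]('{0}.{1}.{2}' -f $parts[0], $parts[1], $parts[2])

    if ($ver -ge $affectedMin -and $ver -le $affectedMax) {
        Write-Warning "$path is version $ver (affected range $affectedMin-$affectedMax)"
        if ($Remove) {
            # Adobe's published workaround: delete AcroPDF.dll. Requires elevation.
            Remove-Item -LiteralPath $path -Force
            Write-Output "Removed $path"
        }
    } else {
        Write-Output "$path is version $ver; outside the affected range"
    }
}
```

Run it without arguments first to inventory affected machines; the `-Remove` switch is kept separate so that the reporting step can be rolled out broadly while the destructive step stays a deliberate, elevated action.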
FrSIRT said the bugs involve memory corruption in AcroPDF.dll causing it to improperly handle malformed arguments passed to the "setPageMode()", "setLayoutMode()", "setNamedDest()" and "LoadFile()" methods. Adobe said it is working on a fix, which it hopes to publish on its website "in the near future".