We have received a notice from US-CERT about a security flaw involving Internet Explorer 7 and Adobe Acrobat. The flaw only affects windows based machines that have Internet Explorer 7 and Adobe Acrobat products. If you have both of these products installed your system could be compromised if you opened a pdf file that was crafted to exploit this flaw. This flaw has been labelled critical, and we are prioritizing addressing this flaw with our customers.

Who should be concerned?

1. Anyone with both Internet Explorer version 7 and Adobe Acrobat installed.
2. Anyone using Adobe Acrobat products version 8.1 or earlier in conjunction with Internet Explorer 7.

If I meet the criteria that makes me vulnerable, what should I do?

1. You should avoid opening PDF files from untrusted sources.
2. You should apply an update for your Adobe Acrobat as soon as possible.
3. If unable to install an update, you should disable the mailto: URI handler on your Adobe Product (See Adobe Security Bulletin APSB07-18 for details on how to do this).

Where can I get more information about this problem?

• Adobe Security Bulletin APSB07-18
• US-CERT Advisory VU#403150
• Microsoft Security Advisory (943521)
• Registry fix to disable mailto: handler (Unsupported!)