Status Tracking Note TRTA07-297B

Adobe Updates for Microsoft Windows URI Vulnerability

Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.

Event Information

Date (UTC)	Description
2007-11-13	Microsoft Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution Advisory updated to reflect publication of security bulletin
2007-11-05	Symantec Trojan.Pidief.B Exploit for CVE-2007-5020
2007-10-29	Trend Micro EXPL_PIDIEF.D Exploit for CVE-2007-5020
2007-10-26	Trend Micro EXPL_PIDIEF.C Exploit for CVE-2007-5020
2007-10-25	Microsoft Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution Advisory updated to reflect increased threat level
2007-10-24 21:45	US-CERT TA07-297B: Adobe Updates for Microsoft Windows URI Vulnerability Via US-CERT Mailing List Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.
2007-10-23 18:28	US-CERT Active Exploitation of Vulnerabilities in Adobe Acrobat and Adobe Reader US-CERT Current Activity US-CERT is aware of active exploitation of previously reported vulnerabilities in Adobe Acrobat and Adobe Reader. Adobe has released an update to address these vulnerabilities.
2007-10-23 12:18	Full-disclosure PDF mailto exploit in the wild Active Exploitation of Vulnerabilities (CVE-2007-5020)
2007-10-23 07:45	Symantec When PDF's Attack... Again! Fast forward to October 2007, where we now have a new Adobe PDF vulnerability on our hands. First disclosed on September 20, 2007 by "pdp" on the Gnucitizen Web site, it was subsequently patched by Adobe yesterday.
2007-10-23	Trend Micro EXPL_PIDIEF.B Exploit for CVE-2007-5020
2007-10-23	SANS Internet Storm Center PDF mailto exploit documents in the wild
2007-10-23	Symantec Trojan.Pidief.A Exploit for CVE-2007-5020
2007-10-22	Adobe APSB07-18: Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed.
2007-10-16 21:00	Symantec ThreatCON (2) => (1)
2007-10-16 12:00	Full-disclosure 0-day PDF exploit Vulnerability Proof Of Concept (CVE-2007-5020) #Cid: pdf_poc.pdf
2007-10-16	Trend Micro EXPL_PIDIEF.A Exploit for CVE-2007-5020
2007-10-15	IBM Internet Security Systems RealNetworks RealPlayer unspecified ActiveX buffer overflow An unspecified RealNetworks RealPlayer ActiveX control is vulnerable to a buffer overflow.
2007-10-10 03:00	Microsoft Security Response Center Blog Additional Details and Background on Security Advisory 943521
2007-10-10	Microsoft Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
2007-10-09 19:31	US-CERT Adobe Acrobat and Adobe Reader Vulnerability CERT/CC Current Activity Adobe has issued a Security Advisory to address a vulnerability in Adobe Acrobat and Adobe Reader. By convincing a user to open a specially crafted pdf file in Microsoft Internet Explorer 7, an attacker may be able to execute arbitrary code.
2007-10-09 18:00	Symantec ThreatCON (1) => (2) On October 10, 2007, Microsoft released Security Advisory 943521 regarding a command-injection vulnerability affecting users of Windows XP and Server 2003 with IE7 installed.
2007-10-09	SANS Internet Storm Center Adobe mailto vulnerability On October 5th, Adobe confirmed the vulnerability we reported on on September 20th.
2007-10-05	Adobe APSA07-04: Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat
2007-09-20 13:21	BugTraq 0day: PDF pwns Windows I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.
2007-09-20	SANS Internet Storm Center Alleged Acrobat Vulnerability

Reference


Date first published (UTC):	2007-10-28T13:58+00:00
Date last updated (UTC):	2007-11-15T23:10+00:00