Adobe Vulnerability

Adobe has acknowledged "a critical security vulnerability in Adobe Reader and Acrobat" reported several weeks ago. The vulnerability affects only Windows XP with Internet Explorer 7 (Vista is not affected).

The workaround involves disabling the mailto: option in Acrobat and Reader, which is a pretty good clue that it is the vulnerable component. Alternatively, you can set it to prompt the user rather than disable it entirely.

If you are using the full Acrobat product, go to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms

If you are using Acrobat Reader, go to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms

In that key find the tSchemePerms data value.

* If tSchemePerms is set as follows:
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|
mailto:2|file:2
* To Disable mailto (recommended)
Modify tSchemePerms by setting the mailto: value to 3:
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|
mailto:3|file:2
* To set mailto to prompt
Modify tSchemePerms by removing the mailto: value:
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|
file:2