1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Adobe MailTo CVE-2007-5020

Attack: Adobe MailTo CVE-2007-5020

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.


This signature detects an attempt to exploit a vulnerability in Adobe Acrobat Reader which could result in remote code execution.

Additional Information

Adobe Acrobat Reader is a free document viewer for reading and commenting on PDF and PostScript files.

Adobe Acrobat is prone to a command-execution vulnerability when handling malicious PDF files. This issue affects the 'mailto' option in Acrobat. The issue occurs when Microsoft Windows tries to determine which application should be launched when interpreting protocol-handlers such as the 'mailto:' handler. The issue is caused by a change in how interactions are handled between Internet Explorer and Windows Shell.

Remote attackers can exploit this issue to compromise affected computers.

The vendor reports, this issue can only be exploited through Internet Explorer 7 installed on Microsoft Windows XP.

This issue is related to the issue described in BID 25945 (Microsoft Windows URI Handler Command Execution Vulnerability).

Note: The issue is being exploited in the wild by Trojan.Pdief.A.


  • Adobe Acrobat Standard 7.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube