Adobe has fessed up to a dangerous code execution vulnerability affecting software programs installed on millions of Windows machines.
The flaw, publicly disclosed more than three weeks ago, could allow hackers to use rigged PDF files to take control of Windows XP computers with Internet Explorer 7 installed.
The bug affects Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions, and Adobe Acrobat 3D.
The workaround involves disabling the mailto: option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry.
In its advisory, Adobe provided step-by-step instructions for manual editing of the registry, but Windows users should be aware that careless registry editing can cause serious problems.
Adobe's public acknowledgment comes a day after Heise Security warned of similar URI handling bugs affecting a wide range of Windows applications. These include Skype (silently fixed), AOL's Netscape browser, mIRC and Miranda.
According to security alerts aggregator Secunia, this is a "highly critical" Windows vulnerability that should be fixed by Microsoft, but Redmond's security response officials have no such plans, insisting it is "very difficult" to put protections in place without breaking existing applications.