Sunday, February 7, 2010

GDI Object Leak in Adobe Reader 9.2 and 9.3

There is a GDI object leak in Adobe Reader versions 9.2 and 9.3 (the latest). The leak happens when any PDF is opened in a new IE window, and persists even if the new IE window gets closed. Initially you leak around 4 GDI objects per iteration, but that snowballs a few dozen iterations in until you hit the Windows default per process GDI object limit of 10,000. At that point, PDFs won't render any more, and Windows Explorer might fail due to resource exhaustion. The problem happens after opening and closing around 120-150 PDFs in new IE windows. If this bug is affecting you or any business process you have, you might want to consider downgrading the affected machines to the fully security patched Adobe Reader version 8.2 level. This bug has been reported to Adobe and has Adobe Bug Number 2551445. Adobe has provided no ETA for a fix yet.

If you need any assistance providing an automated upgrade package for Adobe Reader or anything else, please contact sales @ sharpesecurity.com.

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

No comments:

Post a Comment