Another Acrobat Reader Zero Day (BID 34740)

Update on Adobe Reader Issue [1]
This is an update on the Adobe Reader vulnerability first discussed on the Adobe PSIRT blog on April 27 (“Potential Adobe Reader Issue”). All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue. …

There is a patch on its way, but until May 12th follow the mitigation advice.

Vulnerability identifier: APSA09-02 [4]
… Adobe is planning to release product updates to Adobe Reader and Acrobat to resolve the relevant security issues. Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009. …

MITIGATION: Disable JavaScript in Adobe Acrobat

1.) Edit > Preferences

2.) Uncheck the ‘Enable Acrobat JavaScript’ option
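
To check the same setting without opening the preferences dialog on each machine, the following PowerShell script audits it for the current user and can switch it off with `-Enforce`. It is an added example, not part of the original post or of Adobe's advisory. It assumes the checkbox is stored as the DWORD `bEnableJS` under the `JSPrefs` key of each product version in HKCU, a location that is not named on this page.

```powershell
# Added example: audit (and with -Enforce, switch off) the
# "Enable Acrobat JavaScript" preference for the current user.
# Assumption: the checkbox is stored as DWORD bEnableJS under
# HKCU:\Software\Adobe\<product>\<version>\JSPrefs (not stated on this page).
param([switch]$Enforce)

$products = 'Acrobat Reader', 'Adobe Acrobat'
$versions = '7.0', '8.0', '9.0'   # the 7.X, 8.X and 9.X lines named in the advisory

$report = foreach ($product in $products) {
    foreach ($version in $versions) {
        $base = "HKCU:\Software\Adobe\$product\$version"
        if (-not (Test-Path $base)) { continue }   # this user has never run that version

        $prefs = Join-Path $base 'JSPrefs'
        $value = (Get-ItemProperty -Path $prefs -Name bEnableJS -ErrorAction SilentlyContinue).bEnableJS

        # A missing value means the preference was never touched; it is treated
        # as enabled here (assumption: JavaScript is on by default).
        $enabled = ($null -eq $value) -or ($value -ne 0)

        if ($enabled -and $Enforce) {
            if (-not (Test-Path $prefs)) { New-Item -Path $prefs -Force | Out-Null }
            Set-ItemProperty -Path $prefs -Name bEnableJS -Value 0 -Type DWord
            $enabled = $false
        }

        [pscustomobject]@{
            Product    = $product
            Version    = $version
            JavaScript = if ($enabled) { 'ENABLED' } else { 'disabled' }
        }
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets deployment tooling flag profiles that are still exposed.
if ($report | Where-Object JavaScript -eq 'ENABLED') { exit 1 }
```

The setting is per user, so the script has to run in each user's context (for example as a logon script), and a user can re-enable JavaScript from the same dialog afterwards.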

LINKS:
[1] Update on Adobe Reader Issue (2009-Apr-28) [Adobe PSIRT]
[2] Potential Adobe Reader Issue (2009-Apr-27) [Adobe PSIRT]
[3] Adobe Reader ‘getAnnots()’ Javascript Function Remote Code Execution Vulnerability BID 34740 (2009-Apr-27) [SecurityFocus]
[4] Buffer overflow issues in Adobe Reader and Acrobat (2009-May-01) [Adobe]
