Current Activity - Adobe Reader and Acrobat Remote Code Execution Vulnerability

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Reader and Acrobat Remote Code Execution Vulnerability

Original release date: December 15, 2009 at 10:29 am
Last revised: December 16, 2009 at 2:04 pm


Adobe has released a security advisory to address a vulnerability in
Adobe Reader and Acrobat. By convincing a user to open a specially
crafted PDF file, an attacker may be able to execute arbitrary code.
Public reports currently indicate active exploitation of this
vulnerability.

US-CERT encourages users and administrators to do the following to
help mitigate the risks until the vendor is able to provide an update:
  * Review Adobe security advisory APSA09-07 and apply any necessary
    solutions listed in the document.
  * Use caution when opening PDF files from untrusted sources.
  * Disable JavaScript in Adobe Acrobat and Reader. To do this, click
    "Edit," then "Preferences" and then "JavaScript," and uncheck
    "Enable Acrobat JavaScript."

Additional information regarding this vulnerability can be found in
the US-CERT Vulnerability Notes Database.

Relevant Url(s):
<http://www.kb.cert.org/vuls/id/508357>

<http://www.adobe.com/support/security/advisories/apsa09-07.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#adobe_reader_and_acrobat_remote

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSylDttucaIvSvh1ZAQIxYwf+MrKG4+P/BbIR8H19LmaXykd3Y2yMJFwO
+YL8LHohXP+LPpjpY9D0dpYxt6YE1FV5+oHJEP9bgORGaFzgoHbAdXZXv18qZZns
W6fUMuDkeFY3/RMPfujVKXsNDcl/O58v1/7Q7v0U8y3SuhbnhWU93D+821m3PSq0
8GvJwOdavMEECx1tEY/AcR50xU5J4qmM26S3htUUvk35aKJO7TVEJ6RAAUX87Mww
6dcwSwhZlHrAAmWnQD/bQhU1JLfxz7Xmrk6eQkj21ad1QVf7+1iuRQmyybcpYSYk
EJJJysC5V0V6T3PJqH103favNaJ+6YaN9TbQAgQM8l6m6R+Yz+ZFOQ==
=8Phb
-----END PGP SIGNATURE-----