CERT mailing list archives
Current Activity - Adobe Reader and Acrobat Remote Code Execution Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Wed, 16 Dec 2009 15:32:08 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Adobe Reader and Acrobat Remote Code Execution Vulnerability Original release date: December 15, 2009 at 10:29 am Last revised: December 16, 2009 at 2:04 pm Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. By convincing a user to open a specially crafted PDF file, an attacker may be able to execute arbitrary code. Public reports currently indicate active exploitation of this vulnerability. US-CERT encourages users and administrators to do the following to help mitigate the risks until the vendor is able to provide an update: * Review Adobe security advisory APSA09-07 and apply any necessary solutions listed in the document. * Use caution when opening PDF files from untrusted sources. * Disable JavaScript in Adobe Acrobat and Reader. To do this, click "Edit," then "Preferences" and then "JavaScript," and uncheck "Enable Acrobat JavaScript." Additional information regarding this vulnerability can be found in the US-CERT Vulnerability Notes Database. Relevant Url(s): <http://www.kb.cert.org/vuls/id/508357> <http://www.adobe.com/support/security/advisories/apsa09-07.html> ==== This entry is available at http://www.us-cert.gov/current/index.html#adobe_reader_and_acrobat_remote -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSylDttucaIvSvh1ZAQIxYwf+MrKG4+P/BbIR8H19LmaXykd3Y2yMJFwO +YL8LHohXP+LPpjpY9D0dpYxt6YE1FV5+oHJEP9bgORGaFzgoHbAdXZXv18qZZns W6fUMuDkeFY3/RMPfujVKXsNDcl/O58v1/7Q7v0U8y3SuhbnhWU93D+821m3PSq0 8GvJwOdavMEECx1tEY/AcR50xU5J4qmM26S3htUUvk35aKJO7TVEJ6RAAUX87Mww 6dcwSwhZlHrAAmWnQD/bQhU1JLfxz7Xmrk6eQkj21ad1QVf7+1iuRQmyybcpYSYk EJJJysC5V0V6T3PJqH103favNaJ+6YaN9TbQAgQM8l6m6R+Yz+ZFOQ== =8Phb -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Adobe Reader and Acrobat Remote Code Execution Vulnerability Current Activity (Dec 15)
- <Possible follow-ups>
- Current Activity - Adobe Reader and Acrobat Remote Code Execution Vulnerability Current Activity (Dec 16)