Educause Security Discussion mailing list archives
Adobe Reader CVE-2009-4324 workaround
From: Brad Judy <win-hied () BRADJUDY COM>
Date: Wed, 16 Dec 2009 08:45:41 -0500
The current Adobe advisory (http://www.adobe.com/support/security/advisories/apsa09-07.html) regarding the new Adobe Reader zero-day exploit instructs to disable Javascript within Adobe Reader as a workaround. I just did a quick test and confirmed that this setting uses the following registry key, which could be used to disable Javascript within Adobe Reader en masse within your organization (via GPO or desktop management software). HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\JSPrefs "bEnableJS"=dword:00000000 After a patch is deployed, setting it back to a value of 1 will enable Javascript within Adobe Reader. Brad Judy Emory University
Current thread:
- Adobe Reader CVE-2009-4324 workaround Brad Judy (Dec 16)
- <Possible follow-ups>
- Re: Adobe Reader CVE-2009-4324 workaround Brad Judy (Dec 16)
- Re: Adobe Reader CVE-2009-4324 workaround Theodore Pham (Dec 16)