Educause Security Discussion mailing list archives

Adobe Reader CVE-2009-4324 workaround

From: Brad Judy <win-hied () BRADJUDY COM>
Date: Wed, 16 Dec 2009 08:45:41 -0500

The current Adobe advisory
(http://www.adobe.com/support/security/advisories/apsa09-07.html)  regarding
the new Adobe Reader zero-day exploit instructs to disable Javascript within
Adobe Reader as a workaround.



I just did a quick test and confirmed that this setting uses the following
registry key, which could be used to disable Javascript within Adobe Reader
en masse within your organization (via GPO or desktop management software).



HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\JSPrefs

"bEnableJS"=dword:00000000



After a patch is deployed, setting it back to a value of 1 will enable
Javascript within Adobe Reader.



Brad Judy



Emory University

Current thread:

Adobe Reader CVE-2009-4324 workaround Brad Judy (Dec 16)
- <Possible follow-ups>
- Re: Adobe Reader CVE-2009-4324 workaround Brad Judy (Dec 16)
- Re: Adobe Reader CVE-2009-4324 workaround Theodore Pham (Dec 16)