David Baxter PhD
Late Founder
Two New Vulnerabilities in Adobe Acrobat Reader
F-Secure Blog
April 29, 2009
Two new vulnerabilities have been found in Adobe Reader and are under investigation by Adobe. The vulnerabilities exist in two JavaScript functions; getAnnots() and spell.customDictionaryOpen() and both allow remote code execution. This means they both could be used in targeted attacks and drive-by downloads. There are PoCs (Proof of Concept) available for both vulnerabilities but so far no in-the-wild attacks.
se an alternative to Adobe Acrobat Reader... [See] pdfreaders.org... [or] Foxit, [or] CutePDF.
If you can't change from Adobe Reader we strongly recommend that you disable its ability to run JavaScript.This is easily done via: Edit ?> Preferences ?> JavaScript ?> Un-check "Enable Adobe JavaScript".
Adobe has a blog post with more information here.
F-Secure Blog
April 29, 2009
Two new vulnerabilities have been found in Adobe Reader and are under investigation by Adobe. The vulnerabilities exist in two JavaScript functions; getAnnots() and spell.customDictionaryOpen() and both allow remote code execution. This means they both could be used in targeted attacks and drive-by downloads. There are PoCs (Proof of Concept) available for both vulnerabilities but so far no in-the-wild attacks.
se an alternative to Adobe Acrobat Reader... [See] pdfreaders.org... [or] Foxit, [or] CutePDF.
If you can't change from Adobe Reader we strongly recommend that you disable its ability to run JavaScript.This is easily done via: Edit ?> Preferences ?> JavaScript ?> Un-check "Enable Adobe JavaScript".
Adobe has a blog post with more information here.
