Links
Critical Adobe Reader And Acrobat JavaScript Vulnerability
GSA Reference Number: AD090430-01
Simply Put: All versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability. Currently, Adobe has not released a patch for this issue. Gladiator recommends disabling JavaScript in Adobe Reader and Adobe Acrobat to help mitigate the issue.
Vulnerability Details: The attack occurs when a user opens a malicious PDF document in either Adobe Acrobat or Adobe Reader. The PDF contains malicious JavaScript code that can allow attackers to possibly execute arbitrary code. Currently JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be used to execute arbitrary code on the machine.
Countermeasures: To help mitigate the issue you can follow the instructions below to disable JavaScript in Adobe Reader and Adobe Acrobat. Please note: this does not eliminate the vulnerability; it only disables the JavaScript component. Until a patch is released and applied, if JavaScript is re-enabled, then the vulnerability will become active again.
- Launch Acrobat or Adobe Reader
- Select Edit>Preferences
- Select the JavaScript Category
- Uncheck the ‘Enable Acrobat JavaScript’ option
- Click OK
Please note that when Reader and Acrobat try to open a document containing JavaScript, they will prompt the user to re-enable JavaScript even after it has been disabled. User education is a must.
Reference Links:
- Adobe PSIRT Blog Entry (http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html)
- US-CERT (http://www.kb.cert.org/vuls/id/970180)
- Security Focus (http://www.securityfocus.com/bid/34740) (http://www.securityfocus.com/bid/34736)