Thu, Apr 30, 2009
Unpatched JavaScript-related Vulnerability in Adobe Acrobat Reader
Adobe has announced a vulnerability in all shipping versions of Adobe
Acrobat and Adobe Acrobat Reader, for all platforms (Windows, Macintosh
and UNIX). It allows a specially crafted PDF document to run arbitrary
commands when viewed with a vulnerable version of Reader. No patches
are yet available for the problem. However, the vulnerability requires
JavaScript, and users can protect themselves by turning off JavaScript
within Acrobat Reader. This can be done in Acrobat Reader via
Edit > Preferences, selecting JavaScript, and unchecking "Enable Acrobat
JavaScript", as instructed by Adobe. Adobe promises to provide more
information as it becomes available, via their security advisory site
and their product security incident response team blog.
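
Because the flaw can only be reached through JavaScript, it is useful to know which PDF files on hand carry JavaScript at all. The Python below is an added example, not code from Adobe or from this alert; the function names and the sample byte strings are constructed for illustration. It looks for the /JS and /JavaScript names, including hex-escaped spellings and names packed inside Flate-compressed streams.

```python
import re
import zlib

# A PDF name may hex-escape any character as #XX (e.g. /J#61vaScript),
# so names are decoded before they are compared.
NAME = re.compile(rb"/((?:[^\s()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
JS_NAMES = {b"JS", b"JavaScript"}


def decode_name(raw):
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def js_names_in(data):
    return {decode_name(m.group(1)) for m in NAME.finditer(data)} & JS_NAMES


def javascript_markers(pdf):
    """Return the JavaScript-related names found in the bytes of a PDF."""
    found = js_names_in(pdf)
    # Objects can sit inside Flate-compressed streams, so inflate what we can.
    for m in STREAM.finditer(pdf):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            found |= js_names_in(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate data, or a filter this example does not handle
    return found


# Constructed sample fragments (not real documents).
PLAIN = b"1 0 obj\n<< /OpenAction << /S /JavaScript /JS (void 0;) >> >>\nendobj\n"
ESCAPED = b"1 0 obj\n<< /S /J#61vaScript /J#53 (void 0;) >>\nendobj\n"
PACKED = (b"5 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /S /JavaScript /JS (void 0;) >>")
          + b"\nendstream\nendobj\n")
CLEAN = b"3 0 obj\n<< /Type /Page /Contents 4 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in [("plain", PLAIN), ("escaped", ESCAPED),
                          ("packed", PACKED), ("clean", CLEAN)]:
        print(label, sorted(javascript_markers(sample)))
```

A match means only that the file carries JavaScript, not that it is malicious; encrypted files and stream filters other than Flate are not inspected.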
Alternatives to Adobe Acrobat Reader
Adobe Acrobat Reader is not the only software available to view
PDFs. When a flaw is reported in Acrobat Reader, it may be possible
to protect oneself against it by using another software package to
view PDFs. Alternatives to Acrobat Reader for Windows systems
include Foxit, Cabaret Stage, Xpdf, PDF-XChange Viewer, and GSview.
A list of PDF software is maintained at Wikipedia.
To be emailed any new alerts as they appear, or to cease being emailed such alerts, send email to securityalerts-request@cs.