Current Activity - Adobe Reader and Acrobat Remote Code Execution Vulnerability

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Reader and Acrobat Remote Code Execution Vulnerability

Original release date: December 15, 2009 at 10:29 am
Last revised: December 15, 2009 at 10:29 am


Adobe has stated that they are investigating public reports of a
vulnerability affecting Adobe Reader and Acrobat. Public reports
indicate that exploitation of this vulnerability may occur when a user
opens a specially crafted PDF file. Exploitation of this vulnerability
may result in arbitrary code execution. Public reports currently
indicate active exploitation of this vulnerability.

US-CERT encourages users and administrators to do the following to
help mitigate the risks until the vendor is able to provide an update:
  * Review the Adobe blog entry regarding this issue.
  * Use caution when opening PDF files from untrusted sources.
  * Disable JavaScript in Adobe Acrobat and Reader. To do this, click
    "Edit," then "Preferences" and then "JavaScript," and uncheck
    "Enable Acrobat JavaScript."

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#adobe_reader_and_acrobat_remote

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSyeudducaIvSvh1ZAQI26Qf/SDsb7TQsre1zgWltb0BmBEnet1QRWiOY
AJJTqVr35ugqBR8FSLiu1Paw7fACy028T2eoaKLGcJsBWOlU79oX2/dhIQdx/PQ/
CMTTdhuz3CoHA5/8BcUVXld3ZYKlKZxPb1dYGEhTb9mA0BFJiKTjqNTfJ5Km8rsy
Md70SYlXxeniwwTkliVVpi87zuBMtgdqxSZNMl9IBjU4qWteqh1TTR0i++st/+hD
lpouebay7CCKG2eiVXnW4zEXe6OGBH7E1ttTC8maGPdiqEcFdbtDUQM4tC5yZgGh
oGqfVx/egvkNrmHqKwDl1BGm7Wvc+aeFJ+lKH0Rnixa5CdVobhVikQ==
=HeOY
-----END PGP SIGNATURE-----