Educause Security Discussion mailing list archives
Re: Adobe Reader CVE-2009-4324 workaround
From: Brad Judy <win-hied () BRADJUDY COM>
Date: Wed, 16 Dec 2009 12:51:25 -0500
As a quick follow-up, Adobe's first recommendation is to use the JavaScript blacklist feature to protect from this exploit. They provide instructions on that here: http://kb2.adobe.com/cps/532/cpsid_53237.html which include a link to a set of registry files to set

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cJavaScriptPerms]
"tBlackList"="DocMedia.newPlayer"

Altering the JavaScript settings within Adobe Reader may break the ability to submit PDF forms, so use with caution.

Brad Judy
Emory University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, December 16, 2009 8:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Adobe Reader CVE-2009-4324 workaround

The current Adobe advisory (http://www.adobe.com/support/security/advisories/apsa09-07.html) regarding the new Adobe Reader zero-day exploit instructs to disable Javascript within Adobe Reader as a workaround. I just did a quick test and confirmed that this setting uses the following registry key, which could be used to disable Javascript within Adobe Reader en masse within your organization (via GPO or desktop management software).

HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\JSPrefs
"bEnableJS"=dword:00000000

After a patch is deployed, setting it back to a value of 1 will enable Javascript within Adobe Reader.

Brad Judy
Emory University
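The two registry workarounds quoted in this thread can be audited, and optionally applied, per machine with a script like the following. This is an added example, not part of the original messages or of Adobe's instructions; the registry paths and value names are the ones quoted above, while the `-Apply` switch, the function name and the choice to leave an existing, different `tBlackList` untouched are assumptions of this example.

```powershell
# Added example: audit (and with -Apply, set) the two workaround values from the thread.
# Run in the user's context for the HKCU value; writing the HKLM policy needs admin rights.
param([switch]$Apply)   # hypothetical switch name

$settings = @(
    @{  # Per-user switch: turns JavaScript off in Adobe Reader 9
        Path = 'HKCU:\Software\Adobe\Acrobat Reader\9.0\JSPrefs'
        Name = 'bEnableJS'; Type = 'DWord'; Value = 0
        Overwrite = $true    # a value of 1 is simply replaced with 0
    },
    @{  # Machine policy: JavaScript blacklist entry for DocMedia.newPlayer
        Path = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cJavaScriptPerms'
        Name = 'tBlackList'; Type = 'String'; Value = 'DocMedia.newPlayer'
        Overwrite = $false   # assumption: never clobber a blacklist someone already set
    }
)

function Test-ReaderWorkaround {   # hypothetical helper name
    param([hashtable]$Setting)
    $item = Get-ItemProperty -Path $Setting.Path -Name $Setting.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Missing' }
    $current = $item.($Setting.Name)
    if ($current -eq $Setting.Value) { 'Compliant' } else { "Mismatch (found '$current')" }
}

foreach ($s in $settings) {
    $state = Test-ReaderWorkaround -Setting $s
    $mayWrite = ($state -eq 'Missing') -or ($s.Overwrite -and $state -ne 'Compliant')
    if ($Apply -and $mayWrite) {
        # Create the key (and any missing parents) only when it does not exist yet
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type `
            -Value $s.Value -Force | Out-Null
        $state = Test-ReaderWorkaround -Setting $s
    }
    # One result object per setting, suitable for Export-Csv or central collection
    [pscustomobject]@{ Key = $s.Path; Value = $s.Name; State = $state }
}
```

Because `bEnableJS` lives under HKEY_CURRENT_USER, the script has to run once per user profile (for example as a logon script), whereas the `tBlackList` policy value is machine-wide.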