Wednesday, April 29, 2009

Vulnerabilities In Adobe Reader & Adobe Acrobat

Adobe warns about two vulnerabilities in its Adobe Reader and Acrobat products. The vulnerabilities are related to the handling of the getAnnots() and customDictionaryOpen() JavaScript calls. They can be exploited by luring a user into opening a specially crafted PDF file. Successful exploitation makes it possible to execute arbitrary code on the target system.

Vulnerable versions are:
* Adobe Reader and Acrobat 9.1 and earlier versions (Windows, Unix, Mac)
* Adobe Reader and Acrobat 8.1.4 and earlier versions (Windows, Unix, Mac)
* Adobe Reader and Acrobat 7.1.1 and earlier versions (Windows, Mac)

Currently, there is no update available and no schedule for an upcoming one. Adobe recommends disabling JavaScript support in Adobe products until an update is available and installed.

Disabling can be done by following these steps:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

Opening PDF documents received from or found at dubious sources should be avoided.
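
For PDF files that have already arrived, a quick triage pass can show which ones carry script at all and which mention the two calls named above. The following is an added example, not code from Adobe or from the original post: it counts script-related PDF names and the two function names in the raw file and in Flate-compressed streams, and undoes #XX name escapes first. The indicator list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

# Tokens worth flagging: PDF names that carry or trigger script, plus the two
# Acrobat JavaScript calls named in the advisory.
INDICATORS = (b"/JavaScript", b"/JS", b"/OpenAction",
              b"getAnnots", b"customDictionaryOpen")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name_escapes(data: bytes) -> bytes:
    """Undo #XX escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list:
    """Return the contents of every stream that inflates as zlib (FlateDecode)."""
    out = []
    for match in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # other filter or uncompressed; raw bytes are scanned anyway
    return out


def triage_pdf(data: bytes) -> dict:
    """Count each indicator in the raw file plus its inflated streams."""
    haystack = decode_name_escapes(data)
    for body in inflate_streams(data):
        haystack += b"\n" + decode_name_escapes(body)
    return {tok.decode(): len(re.findall(re.escape(tok) + rb"(?![A-Za-z0-9])", haystack))
            for tok in INDICATORS}


def constructed_sample() -> bytes:
    """Constructed test input: a minimal PDF-like fragment, not a real sample."""
    script = zlib.compress(b"var a = this.getAnnots();")
    return (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
            + script + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    print(triage_pdf(constructed_sample()))
```

A non-zero count is a reason to review the file, not proof of exploitation; encrypted documents, object streams and filters other than FlateDecode are not decoded by this sketch.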


More information can be found here.
