NEWS FROM THE LAB - Wednesday, April 29, 2009

Two New Vulnerabilities in Adobe Acrobat Reader Posted by Patrik @ 04:18 GMT

Two new vulnerabilities have been found in Adobe Reader and are under investigation by Adobe. The vulnerabilities exist in two JavaScript functions, getAnnots() and spell.customDictionaryOpen(), and both allow remote code execution. This means either could be used in targeted attacks and drive-by downloads. PoCs (proof-of-concept exploits) are available for both vulnerabilities, but so far no in-the-wild attacks have been seen.
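As an added triage example (not code from the original post or from Adobe), here is a small Python scanner that flags PDFs carrying embedded JavaScript and reports when the script names either of the two functions from the advisory, including inside FlateDecode-compressed streams. The minimal PDF it builds is constructed for this example only; plain string matching like this is a first-pass filter and will miss obfuscated scripts.

```python
import re
import zlib

# Names of the two Reader JavaScript functions in the advisory; a PDF whose
# embedded script calls them warrants a closer look before it is opened.
SUSPICIOUS_CALLS = (b"getAnnots", b"spell.customDictionaryOpen")

# /JS or /JavaScript keys mark script actions; stream bodies may be Flate-compressed.
JS_KEY_RE = re.compile(rb"/(JS|JavaScript)\b")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def _decode_stream(dictionary: bytes, data: bytes) -> bytes:
    """Inflate FlateDecode streams; other filters or corrupt data come back raw."""
    if b"/FlateDecode" not in dictionary:
        return data
    try:
        # decompressobj tolerates the newline that precedes 'endstream' as trailing data
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return data

def scan_pdf_bytes(pdf: bytes) -> dict:
    """Report whether a PDF embeds JavaScript and which advisory functions it names.
    Plain substring matching: split strings or eval-built names will slip past."""
    views = [pdf]  # raw bytes already expose uncompressed /JS (...) literals
    for m in STREAM_RE.finditer(pdf):
        dictionary = pdf[max(0, m.start() - 400):m.start()]  # stream dict precedes 'stream'
        views.append(_decode_stream(dictionary, m.group(1)))
    blob = b"\n".join(views)
    return {
        "has_javascript": JS_KEY_RE.search(blob) is not None,
        "suspicious_calls": sorted(c.decode() for c in SUSPICIOUS_CALLS if c in blob),
    }

def build_sample_pdf(script: bytes, compress: bool) -> bytes:
    """Constructed minimal PDF whose OpenAction runs `script` (sample input only)."""
    body = zlib.compress(script) if compress else script
    filters = b"/Filter /FlateDecode " if compress else b""
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
        b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n"
        b"3 0 obj << " + filters + b"/Length " + str(len(body)).encode() + b" >>\n"
        b"stream\n" + body + b"\nendstream\nendobj\n"
        b"%%EOF\n"
    )

if __name__ == "__main__":
    sample = build_sample_pdf(b"var a = this.getAnnots(); spell.customDictionaryOpen('d');", True)
    print(scan_pdf_bytes(sample))
```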

We've said it before but it's worth repeating — use an alternative to Adobe Acrobat Reader. We won't recommend any reader over another, as it would be better if people used a wide variety of them. A list of readers can be found at pdfreaders.org; others include Foxit, CutePDF, etc.

If you can't change from Adobe Reader we strongly recommend that you disable its ability to run JavaScript.

This is easily done via: Edit -> Preferences -> JavaScript -> Un-check "Enable Adobe JavaScript"

Disable JavaScript in Adobe Reader

Adobe has a blog post with more information here.