Buffer overflow issues in Adobe Reader and Acrobat

Discussion in 'other security issues & news' started by NICK ADSL UK, May 4, 2009.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,502
    Location:
    UK
    SummaryA critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system. A second vulnerability has also been reported that appears to affect Adobe Reader for Unix only (CVE-2009-1493).

    Adobe is planning to release product updates to Adobe Reader and Acrobat to resolve the relevant security issues. Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009. The Adobe Reader for Unix updates will resolve both security issues. A security bulletin will be published at http://www.adobe.com/support/security as soon as product updates are available.

    In the meantime, to mitigate the issue disable JavaScript in Adobe Reader and Acrobat using the following instructions below:

    1. Launch Acrobat or Adobe Reader.
    2. Select Edit>Preferences
    3. Select the JavaScript Category
    4. Uncheck the ‘Enable Acrobat JavaScript’ option
    5. Click OK

    http://www.adobe.com/support/security/advisories/apsa09-02.html
     
    NICK ADSL UK, May 4, 2009
    #1
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
    Story
     
    ronjor, May 5, 2009
    #2
  3. PsychEroc

    PsychEroc Registered Member

    Joined:
    May 3, 2009
    Posts:
    14
    PsychEroc, May 5, 2009
    #3
  4. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,248
    Location:
    USA
    If you're using the free version (Adobe Reader), why not simply get rid of it and use an alternative, as the article suggests? I blasted all traces of AR off my systems many, many months ago and have never regretted doing so.

    Currently, I'm using PDF-XChange Viewer (of course there are others available):
    http://www.docu-track.com/downloads/users

    Here's their Secunia track record thus far:
    http://secunia.com/advisories/product/18144/
     
    prius04, May 5, 2009
    #4
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Would a home user typically need the javascript enabled in Adobe Reader? What added benefits or features would javascript provide in embedded in a PDF?

    FWIW, I've been using Foxit Reader for a while so my question above is just out of curiosity.
     
    innerpeace, May 5, 2009
    #5
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Last edited: May 13, 2009
    FanJ, May 13, 2009
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...