Adobe Reader vulnerability

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions.

Description

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a website is usually sufficient to cause Acrobat to load PDF content.

An attacker has injected a malicious JavaScript that redirects users to malware sites. The script downloads a file that exploits the user's system and installs malicious software. The sample below shows the HTTP response that contains the script in hex.

Audience:

Impact

This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Vulnerable Systems

Solutions

- Clear the web cache proxy and delete temp files.
- Maintain updated antivirus software.
- Scan the systems.
- Disable JavaScript in Adobe Reader and Acrobat.
- Prevent Internet Explorer from automatically opening PDF documents.
- Disable the display of PDF documents in the web browser.
- Do not access PDF documents from untrusted sources.
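
A triage sketch for the cache/temp-file and "Scan the systems" steps above, added here as an example and not part of the original advisory: it walks a directory chosen by the operator, recognises PDFs by header rather than extension, and counts the name tokens that indicate embedded JavaScript or auto-run actions, decoding `#xx` name escapes. The function names and the sample bytes are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# PDF name tokens that signal embedded script or auto-run actions.
SUSPECT_NAMES = ("/JS", "/JavaScript", "/OpenAction", "/AA")
# A PDF name runs from "/" to the next whitespace or delimiter character.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: a benign PDF fragment, one name written with a #xx escape.
CONSTRUCTED_SAMPLE = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n"
)

def is_pdf(data: bytes) -> bool:
    """Cached files often lack a .pdf extension, so check the header instead."""
    return b"%PDF-" in data[:1024]

def pdf_script_indicators(data: bytes) -> dict:
    """Count suspect names, decoding #xx escapes (/J#61vaScript == /JavaScript).
    Names inside compressed streams are not visible to this raw-byte scan."""
    counts = {name: 0 for name in SUSPECT_NAMES}
    for match in NAME_RE.finditer(data):
        raw = HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(0))
        name = raw.decode("latin-1")
        if name in counts:
            counts[name] += 1
    return counts

def scan_tree(root: str) -> dict:
    """Return {path: {name: count}} for every PDF under root with a suspect name."""
    findings = {}
    for path in Path(root).rglob("*"):
        try:
            data = path.read_bytes() if path.is_file() else b""
        except OSError:
            continue  # locked or unreadable file: skip it, keep scanning
        if not is_pdf(data):
            continue
        hits = {k: v for k, v in pdf_script_indicators(data).items() if v}
        if hits:
            findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    print(pdf_script_indicators(CONSTRUCTED_SAMPLE))
    for found, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(found, hits)
```

A hit marks a file for closer inspection or removal from the cache; legitimate PDFs can carry these names too, so it is an indicator rather than a verdict.
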

A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

Related Links