Difference between revisions of "Adobe PDF Reader and Acrobat Zero-Day Exploit 9.2"
| (7 intermediate revisions by one user not shown) | |||
| Line 7: | Line 7: | ||
'''This is how Adobe's site explains the problem:''' | '''This is how Adobe's site explains the problem:''' | ||
</td> | </td> | ||
| − | <td width= | + | <td width=400> |
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available. | Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available. | ||
| + | </td> | ||
| + | </tr> | ||
| + | |||
| + | <tr> | ||
| + | <td> | ||
| + | '''How to close this vulnerability:''' | ||
| + | </td> | ||
| + | <td> | ||
| + | # Launch Acrobat or Adobe Reader. | ||
| + | # Select Edit>Preferences | ||
| + | # Select the JavaScript Category | ||
| + | # Uncheck the 'Enable Acrobat JavaScript' option | ||
| + | # Click OK | ||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
<br> | <br> | ||
| − | You read | + | Adobe will not release a fix until January 12, 2010. |
| − | * Adobe's [http://www.adobe.com/support/security/advisories/apsa09-07.html Security bulletin] | + | <br><br> |
| − | * | + | You can read more here:<br> |
| − | * | + | * Adobe's [http://www.adobe.com/support/security/advisories/apsa09-07.html Security bulletin] |
| + | * [http://blogs.zdnet.com/security/?p=5119&tag=nl.e539 ZDNet Article] | ||
| + | * [http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214 Shadow Server Blog] | ||
<br> | <br> | ||
| − | + | Note about [http://en.wikipedia.org/wiki/Zero_day_attack Zero-day attack]: "A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available." | |
Latest revision as of 17:39, 16 December 2009
This is an exploit that affects Adobe PDF Reader and Acrobat. It is very serious and has not been addressed by Adobe.
|
This is how Adobe's site explains the problem: |
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available. |
|
How to close this vulnerability: |
|
Adobe will not release a fix until January 12, 2010.
You can read more here:
Note about Zero-day attack: "A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available."
