Another zero day exploit targeting Adobe Reader

Wiz Feinberg · Post by **Wiz Feinberg** » 11 Oct 2009 8:22 am

Trend Micro (makers of PC-cillin) have identified a new PDF threat that uses the built-in JavaScript engine in Adobe Acrobat and Reader to download malicious files that open a backdoor on a Windows computer. All versions up to 9.1.3 are affected by this new "heap spray" exploit.

Adobe has indicated that it will include this vulnerability in its upcoming security update release. Meanwhile, users are recommended to disable JavaScript in Adobe Acrobat/Reader to mitigate the said attack. To do this, they should follow these steps:

1. Open Adobe Acrobat or Reader
2. Go to Edit > Preferences
3. Select JavaScript under the Categories tab
4. Uncheck “Enable Acrobat JavaScript”
5. Click OK.

I will post an update when the patch has been released to the public. In the meantime, if you don't mind losing some fancy functions when reading PDF files, just leave JavaScript disabled in Adobe Reader. This is at least the second attack exploiting this weakness in Adobe products this year. When Adobe finally fixes these heap spray attack vulnerabilities it may be safe to re-enable JavaScript.

Bent Romnes · Post by **Bent Romnes** » 11 Oct 2009 5:55 pm

Wiz, thanks for staying on top of things and warning us with all these security issues. If it hadn't been for you we wouldn't have known about it.

I would like to say that you go way above and beyond the call of duty. Thanks again!

Michael Dene · Post by **Michael Dene** » 12 Oct 2009 12:41 am

Wiz,

thanks from another very appreciative reader ....

20 years ago I was "well informed" on a lot of this stuff, .... now, I still am, but only 'cause you give us the heads up on stuff which otherwise I'd know nothing about!!!

robert kramer · Post by **robert kramer** » 19 Oct 2009 10:17 am

Just diabled Java Script. Thanks again Wiz.