Adobe Reader and Acrobat Vulnerabilities

Original release date: November 04, 2008
Last revised: --
Source: US-CERT

Systems Affected

• Adobe Reader version 8.1.2 and earlier
• Adobe Acrobat (Professional, 3D, and Standard) version 8.1.2 and earlier

Overview

Vulnerabilities in Adobe Reader and Acrobat may allow an attacker to take control of your computer. Adobe has released a bulletin to address these issues.

Solution

Upgrade

Adobe recommends that users with version 8 of Adobe Reader or Acrobat upgrade to version 8.1.3. Links to these versions are available in the security bulletin.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript in Adobe Reader and Acrobat may prevent this vulnerability from being exploited. In Acrobat Reader, JavaScript can be disabled in the General preferences dialog:

1. Open the Edit menu
2. Choose the Preferences option
3. Choose the JavaScript option
4. De-select "Enable Acrobat JavaScript"

Description

In "Security update available for Adobe Reader 8 and Acrobat 8," Adobe addresses vulnerabilities that affect some versions of Reader and Acrobat. By convincing a user to download a malicious PDF file, an attacker could execute code or cause a computer to crash. The malicious file could be downloaded by just visiting a malicious website that contains the file.

For more technical information, see US-CERT Technical Cyber Security Alert TA08-309A.

References

• Security Update available for Adobe Reader 8 and Acrobat 8 - <http://www.adobe.com/support/security/bulletins/apsb08-19.html>
• US-CERT Technical Cyber Security Alert TA08-309A - <http://www.us-cert.gov/cas/techalerts/TA08-309A.html>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

---

Feedback can be directed to US-CERT.

---

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

November 04, 2008: Initial release