Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 4th, 2009

Buffer Overflow Critical Vulnerabilities In Adobe Reader And Acrobat

A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions (Adobe Acrobat Standard, Pro, and Pro Extended 9.1 and earlier versions). The vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. A second vulnerability has also been reported that appears to affect Adobe Reader for Unix only.

Adobe is planning to release product updates to Adobe Reader and Acrobat to resolve the relevant security issues. Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009. The Adobe Reader for Unix updates will resolve both security issues. A security bulletin will be published at as soon as product updates are available.

Adobe categorizes this as a critical issue and recommends that users disable JavaScript in Adobe Reader and Acrobat prior to the availability of Adobe product updates and exercise caution when opening files from untrusted sources.

In the meantime, to mitigate the issue, disable JavaScript in Adobe Reader and Acrobat using the following instructions:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
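
To support the advice above about files from untrusted sources, the following added example (not from Adobe or the original article) flags PDFs that carry JavaScript-related name tokens. It assumes the standard PDF names /JS, /JavaScript, /OpenAction and /AA, handles #xx-escaped names and Flate-compressed streams, and uses a constructed sample. It is a triage heuristic: encrypted files and other stream filters are not inspected.

```python
import re
import sys
import zlib

# Standard PDF name tokens for embedded script and automatic actions.
SCRIPT_NAMES = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in names, e.g. /J#61vaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Return the contents of every stream that is valid zlib (FlateDecode)."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the trailing EOL before 'endstream'.
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # other filter or not compressed; raw bytes still scanned
    return b"\n".join(out)

def scan_pdf(data: bytes) -> dict:
    """Count script-related names in the raw file and in inflated streams."""
    text = decode_names(data + b"\n" + inflate_streams(data))
    return {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z0-9])", text))
            for n in SCRIPT_NAMES}

def has_javascript(data: bytes) -> bool:
    counts = scan_pdf(data)
    return counts["/JS"] > 0 or counts["/JavaScript"] > 0

def build_sample() -> bytes:
    """Constructed test input: script names hidden in a compressed stream."""
    hidden = zlib.compress(b"<< /S /J#61vaScript /JS (app.alert(1)) >>")
    return (b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(hidden)).encode()
            + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan_pdf(fh.read()))
```

Run it with one or more PDF paths as arguments; a non-zero /JS or /JavaScript count marks a file for closer review before it is opened in an unpatched reader.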

Adobe is currently not aware of any reports of exploits in the wild for these issues.
