I pulled together some resources for this issue. There are some workarounds described in the article, be sure to read the entire thing before taking action. I disabled the automated PDF opening from by web browser and now I get a prompt to open a document of that type. I can make a determination as to the source, friend or foe of any that I might want to take a look at.
Here are the details that I have captured:
Adobe Reader version 9 and earlier
Adobe has released Security Bulletin APSB09-01, which describes a
vulnerability that affects Adobe Reader and Acrobat. This
vulnerability could allow a remote attacker to execute arbitrary
code.
Disable JavaScript in Adobe Reader and Acrobat
Disabling Javascript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript and un-check
Enable Acrobat JavaScript).
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to the safer option of
prompting the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied it may also mitigate future vulnerabilities. To prevent PDF
documents from automatically being opened in a web browser, do the
following:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on web sites or delivered as email attachments.
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow.
A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.
As always, safe surfing,
Darrell
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment