DarkFiber Consulting – IT Managed Services

Adobe Reader and Acrobat JavaScript Vulnerabilities

May 9th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:

  1. Open the General Preferences dialog box
  2. From the Edit menu, select Preferences and then choose JavaScript
  3. Un-check Enable Acrobat JavaScript

Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. DarkFiber Consulting will provide additional information as it becomes available.