US-CERT Cyber Security Alert SA09-286B -- Multiple Vulnerabilities Affect Adobe Reader and Acrobat

National Cyber Alert System
Cyber Security Alert SA09-286B

Multiple Vulnerabilities Affect Adobe Reader and Acrobat

Original release date: October 13, 2009
Last revised: --
Source: US-CERT

Systems Affected

Adobe Reader and Acrobat 9.1.3 and earlier 9.x versions
Adobe Reader and Acrobat 8.1.6 and earlier 8.x versions
Adobe Reader and Acrobat 7.1.3 and earlier 7.x versions

Overview

Adobe has released Security bulletin APSB09-15, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

Solution

Update
Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB09-15 and update vulnerable versions of Adobe Reader and Acrobat.
Enable Data Execution Prevention (DEP) in Microsoft Windows
Consider enabling Data Execution Prevention (DEP) in supported versions of Windows. Though it doesn't completely resolve the problem, DEP can hinder the execution of attacks in some cases.
Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts "Understanding DEP as a mitigation technology" part 1 and part 2. You should consider using DEP along with the patches and other mitigations described in this document.
Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; un-check Enable Acrobat JavaScript).

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without your interaction. However, you can set up a safer option that prompts the you by importing the following as a .REG file:
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in your Web browser

Preventing PDF documents from opening inside your Web browser will partially mitigate this vulnerability. By applying this workaround, you may also lessen the possibility of future vulnerabilities.

To prevent PDF documents from automatically being opened in a Web browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly those hosted on Web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

Description

Adobe Security Advisory APSB09-15 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file.
These vulnerabilities could allow a remote attacker to take control of your computer or cause it to crash.

References

APSB09-15 Security Advisory for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb09-15.html>
Understanding DEP as a mitigation technology part 1 - <http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx>
Understanding DEP as a mitigation technology part 2 - <http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx>

Feedback can be directed to US-CERT.

Produced 2009 by US-CERT, a government organization. Terms of use

Revision History

Last updated October 13, 2009