Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Alert SA10-231A archive

Adobe Reader and Acrobat Vulnerabilities

Original release date: August 19, 2010
Last revised: --
Source: US-CERT

Systems Affected

  • Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX
  • Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh
  • Adobe Reader 8.2.3 and earlier versions for Windows, Macintosh, and UNIX
  • Adobe Acrobat 8.2.3 and earlier versions for Windows and Macintosh

Overview

Adobe has released Security Bulletin APSB10-17, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.


Solution

Update

Adobe has released updates to address this issue. You are encouraged to read Adobe Security Bulletin APSB10-17 and update vulnerable versions of Adobe Reader and Acrobat. 

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits. To disable JavaScript in Acrobat, do the following:

  1. Open Adobe Acrobat Reader.
  2. Open the Edit menu.
  3. Choose the Preferences option.
  4. Choose the JavaScript section.
  5. Uncheck the "Enable Acrobat JavaScript" checkbox.

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will partially protect you against this vulnerability. Applying this workaround may also protect you against future vulnerabilities.

To prevent PDF files from automatically being opened in a web browser, do the following:

  1. Open Adobe Acrobat Reader.
  2. Open the Edit menu.
  3. Choose the Preferences option.
  4. Choose the Internet section.
  5. Uncheck the "Display PDF in browser" checkbox.

Do not access PDF files from untrusted sources

Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.


Description

Adobe Security Bulletin APSB10-17 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file.

These vulnerabilities could allow a remote attacker to take control of your computer or cause it to crash.


References


Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use


Revision History

August 19, 2010: Initial release

Last updated August 19, 2010
print this document