Zero Day: Acrobate Reader Still Out There
Adobe's current fix does not fix the actual vulnerability but you should update to version 9.1. At the firewall level it may be prudent to block PDF's from un-trusted sources. The Zero Day PDF has malicious code that can exploit a buffer overflow allowing execution of code on your system. First up you should not have JavaScript enabled, if it is disable it right away. This exploit may crash Reader if you disable JavaScript but it will be unable to install the malicious code onto your system.
One important aspect of defense against this exploit is education of users, make sure to review attachment policies and procedures. Users should not open any documents from un-trusted or unknown sources. (Make sure that your policies and procedures give users clear guidance including case examples.) Trust and un-trusted sources can be filtered at the external fire wall which you should be doing already.
CVE number: CVE-2009-0658
Reader Comments