山伍成群

[PoP]

US-CERT Current Activity
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
更新: 2009-12-15 23:29


Adobe Reader and Acrobat Remote Code Execution Vulnerability
發表: 2009-12-15 23:29

Adobe has stated that they are investigating public reports of a vulnerability affecting Adobe Reader and Acrobat. Public reports indicate that exploitation of this vulnerability may occur when a user opens a specially crafted PDF file. Exploitation of this vulnerability may result in arbitrary code execution. Public reports currently indicate active exploitation of this vulnerability.

US-CERT encourages users and administrators to do the following to help mitigate the risks until the vendor is able to provide an update:

• Review the Adobe blog entry regarding this issue.
  
• Use caution when opening PDF files from untrusted sources.
• Disable JavaScript in Adobe Acrobat and Reader. To do this, click "Edit," then "Preferences" and then "JavaScript," and uncheck "Enable Acrobat JavaScript."

US-CERT will provide additional information as it becomes available.

[ 全文 ]

[PoP]

Source: http://news.cnet.com/8301-1009_3-10415438-83.html?tag=nl.e757

Adobe warned of reports of an attack exploiting a hole in Reader and Acrobat on Monday.

"This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild," the company said in an advisory on its Security Incident Response Team blog. "We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information."

Three different security vendor partners reported the alleged exploit to the company on Monday afternoon, said Adobe spokeswoman Wiebke Lips. She said she could not provide more details.

Last week, Adobe released a critical update affecting Flash Player and Adobe AIR.

Meanwhile, some Macintosh users were reporting on the Adobe Forums site that they were having problems installing an update from October that resolved a critical vulnerability in Adobe Reader and Acrobat 9.1.3 that had reportedly been exploited in the wild.