February 23, 2009
To paraphrase from more detailed sources (http://blogs.zdnet.com/security/?p=2631 and http://www.infoworld.com/article/09/02/20/Adobe_flaw_heightens_risk_of_encountering_malicious_PDFs_1.html):
A CERT Critical Infrastructure Notice was issued on Friday, February 20, to notify the community that an open vulnerability has been announced and exploited in version 9 of Adobe Acrobat and Acrobat Reader.
The exploit can be delivered in the form of maliciously crafted *.pdf files, either as emailed attachments or as downloads available from web sites. The maliciously crafted .pdf contains java script that calls a malware distribution server and invites malware and rootkits onto the compromised system.
To disable the displaying of PDF documents in the web browser:
o Preventing PDF documents from opening inside a web browser may
mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities.
To prevent PDF documents from automatically being opened in a web browser:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.
To prevent Internet Explorer from automatically opening PDF documents
o The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
• Do not access PDF documents from untrusted sources
Posted by Ruth Cannon at 09:56 AM