IT Security & Policy
Adobe Acrobat and Reader Vulnerabilities

Systems Affected

* Adobe Reader versions 9.1.1 and earlier
* Adobe Acrobat (Standard, Professional, and 3D) versions 9.1.1 and earlier

Overview

Vulnerabilities in Adobe Reader and Acrobat may allow an attacker to take control of your computer. Adobe has released Security Bulletin APSB09-07, which describes the issues.

Solution

Update

Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB09-07 and update vulnerable versions of Adobe Reader and Acrobat.
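
To find which machines still need the update, the affected range listed under Systems Affected can be checked against a software inventory. The following is an added example, not code from Adobe, US-CERT or the original advisory; the CSV layout (host,product,version), the host names and the function names are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Newest affected release, taken from this advisory's "Systems Affected" list.
LAST_AFFECTED = (9, 1, 1)
# Product names as the advisory gives them; inventory naming is an assumption.
PRODUCT_RE = re.compile(r"\bAdobe\s+(Acrobat|Reader)\b", re.IGNORECASE)

# Constructed sample inventory (host,product,version); not real data.
SAMPLE_INVENTORY = """\
ws-001,Adobe Reader 9,9.1.0
ws-002,Adobe Reader 9,9.1.2
ws-003,Adobe Acrobat 9 Professional,9.1.1
ws-004,Adobe Acrobat 8 Standard,8.1.5
ws-005,Adobe Flash Player 10,10.0.22
ws-006,Adobe Reader,10.0.0
ws-007,Adobe Reader 9,unknown
"""


def parse_version(text):
    """Return '9.1.0' as (9, 1, 0), or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(product, version):
    """True for Reader/Acrobat at or below 9.1.1, or with an unreadable version."""
    if not PRODUCT_RE.search(product):
        return False
    parsed = parse_version(version)
    if parsed is None:
        return True  # cannot prove it is patched, so flag it for a manual check
    # Compare numerically, padded to equal length: 10.0.0 > 9.1.1 and 9.1 == 9.1.0.
    width = max(len(parsed), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(parsed) <= pad(LAST_AFFECTED)


def affected_hosts(inventory_csv):
    """Return the hosts whose inventory row falls in the affected range."""
    rows = csv.reader(io.StringIO(inventory_csv))
    return [r[0] for r in rows if len(r) == 3 and is_affected(r[1], r[2])]


if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```

Versions are compared as integer tuples because a plain string comparison would rank 10.0.0 below 9.1.1 and wrongly flag it.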

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu:

* Open the Edit menu.
* Select Preferences.
* Choose JavaScript.
* Un-check Enable Acrobat JavaScript.


Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will partially mitigate this vulnerability. This workaround may also mitigate future vulnerabilities.

To prevent PDF documents from automatically being opened in a web browser, do the following:

* Open Adobe Acrobat Reader.
* Open the Edit menu.
* Choose the Preferences option.
* Choose the Internet section.
* Un-check the Display PDF in browser check box.

Description

In Security Bulletin APSB09-07, Adobe describes issues that affect some versions of Adobe Reader and Acrobat. By convincing a user to visit a website and open a malicious PDF file in the user's browser, an attacker could execute code or cause a computer to crash. Note that web browsers may be configured to open PDF files automatically.

More technical information is available in US-CERT Technical Cyber Security Alert TA09-161A.

References

* US-CERT Technical Cyber Security Alert TA09-161A - <http://www.us-cert.gov/cas/techalerts/TA09-161A.html>
* Adobe Security Bulletin APSB09-07 - <http://www.adobe.com/support/security/bulletins/apsb09-07.html>
* Cyber Security Tip ST04-010: Using Caution with Email Attachments - <http://www.us-cert.gov/cas/tips/ST04-010.html>