Home > Exploits, Vulnerability > PDF Adobe Reader Zero Day

PDF Adobe Reader Zero Day

Adobe Reader has two vulnerable JavaScript functions getAnnots() and spell.customDictionaryOpen() that could allow a remote attacker to execute arbitrary code on the system. PoCs were published here.

PSIRT blogged an update saying that this vulnerability is still under investigation and updates will be available by 12th May:

We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009.

Adobe Released Security Bulletin

Release date: May 1, 2009

Vulnerability identifier: APSA09-02

CVE number: CVE-2009-1492, CVE-2009-1493

Platform: All Platforms

Mac users are vulnerable and affected with this vulnerability and as usual it is best recommended that you disable JavaScript if you are using Adobe Reader. Please follow the instruction here.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: