February 19th, 2009 18:00

Acrobat [Reader] 0-Day On the Loose

New Acrobat 0-day in the wild:  Severe vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is currently on the loose in the wild and being actively exploited. Avoid it by turning off Javascript inside of your Adobe Acrobat products.

Disabling JavaScript is easy. This is how it can be done in Acrobat Reader:

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

We believe Adobe is aware of this issue and actively working to address it. However, we felt it was necessary to release this information to let people know how to mitigate against the attacks as they can be devastating. Right now multiple Antivirus companies detect this threat.

 

More HERE

20.5K Posts

February 20th, 2009 11:00

 

I don't want this to move to the next page yet.

5.8K Posts

February 20th, 2009 12:00

Just a reminder that there is an alternative if all you want is a pdf reader: Foxit 3.0:
http://www.foxitsoftware.com/pdf/rd_intro.php

15.3K Posts

February 21st, 2009 16:00

20.5K Posts

February 21st, 2009 19:00


Here is a simple batch file by PhishLabs to mitigate the Adobe zero day:
Direct link: http://migre.me/2wR
Info Here: http://www.phishlabs.com/blog/

* Note: It has only been tested on Adobe Acrobat Reader 9.0.0 Standard US on Windows XP SP3.   Use at your own risk.

15.3K Posts

February 22nd, 2009 07:00

For the sake of clarity/emphasis, I would like to make two points:

1)  those who have already applied the work-around suggested by BugBatter in her first post above:

Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

do NOT have to run the PhishLabs batch file --- you've already done what the batch file is trying to do.

2)  that the batch file "has only been tested on Adobe Acrobat Reader 9.0.0..." is an understatement: The batch file adjusts a registry key that is specifically for Adobe 9. Therefore, it will NOT work if you attempt to use it on any other version of Adobe! In contrast, the "generic" instruction above, to edit preferences, could be attempted in other/older versions of Adobe.
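
Added example (not part of the original posts and not the PhishLabs batch file): a PowerShell sketch that illustrates the version-specific point above by checking every installed Reader version for the current user instead of one hard-coded version. It assumes, which the thread does not state, that the "Enable Acrobat JavaScript" preference is stored as the DWORD bEnableJS under HKCU:\Software\Adobe\Acrobat Reader\<version>\JSPrefs; the -Disable switch is a hypothetical name chosen for this example.

```powershell
# Added example. Assumption (not stated in the thread): the per-user preference is
#   HKCU:\Software\Adobe\Acrobat Reader\<version>\JSPrefs -> bEnableJS (DWORD, 0 = off)
param([switch]$Disable)   # hypothetical switch: report only unless -Disable is given

$root = 'HKCU:\Software\Adobe\Acrobat Reader'
if (-not (Test-Path $root)) {
    Write-Output "No per-user Adobe Reader settings found under $root"
    return
}

# Each major version has its own subkey (for example 8.0 and 9.0), which is why a
# script written for one version's key leaves the other versions untouched.
Get-ChildItem -Path $root |
    Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |
    ForEach-Object {
        $version = $_.PSChildName
        $jsPrefs = Join-Path $_.PSPath 'JSPrefs'

        # Read the current value; $null means the value has never been written.
        $current = $null
        if (Test-Path $jsPrefs) {
            $prop = Get-ItemProperty -Path $jsPrefs -Name bEnableJS -ErrorAction SilentlyContinue
            if ($prop) { $current = $prop.bEnableJS }
        }

        # Only write when asked to, and only when JavaScript is not already off.
        if ($Disable -and $current -ne 0) {
            if (-not (Test-Path $jsPrefs)) { New-Item -Path $jsPrefs -Force | Out-Null }
            Set-ItemProperty -Path $jsPrefs -Name bEnableJS -Value 0 -Type DWord
            $current = 0
        }

        $state = 'enabled'
        if ($null -eq $current) { $state = 'not set (Reader default applies)' }
        if ($current -eq 0)     { $state = 'disabled' }

        [pscustomobject]@{ Version = $version; JavaScript = $state }
    }
```

Run without arguments it only reports the state per version; the setting is per user, so it has to be run in each user's own session.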

20.5K Posts

February 22nd, 2009 07:00

ky331, for the sake of clarity/emphasis do you plan posting Updates today?

15.3K Posts

February 22nd, 2009 08:00

Snowshine,

to answer your SECOND question, the "work-around" should be reversed only after Adobe releases a new version of Reader, which fixes the coding to avert the problem.

Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009.

Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow.

I defer to BB to answer your first question.

7.9K Posts

February 22nd, 2009 08:00

Anyone care to comment on whether hardware DEP and ASLR prevent or at least mitigate against this type of attack?

1.1K Posts

February 22nd, 2009 08:00

Hi BugBatter & ky331,

I completed my Vista Ultimate 64 bit clean install last night and this morning installed the Adobe Acrobat Reader 9.0.0.

Just this minute I discovered this thread and immediately went to Acrobat and did the Edit->Preferences->JavaScript and unchecked Enable Acrobat JavaScript.

I am running Avast virus protection[Free Home Version]

Would you mind answering the following two questions?

Would I have been infected by now?

When should I reverse the above action?

Snow

15.3K Posts

February 22nd, 2009 09:00

BB,

In the older forum, I was given the responsibility of starting the daily update thread. When DELL switched to the new forum, and it became difficult to make posts (for the first few months), I was not in a position to continue doing so regularly --- at which point you (and others) often did so. At present, I make no "claims" to that thread, and am more than happy when you (or others) start it.

In particular, in terms of my more recent behavior, I've only started the daily update thread when I actually had a particular update in mind that I was ready to include. Unless that's problematic, that's how I would like to continue.

301 Posts

February 22nd, 2009 12:00

I installed the Foxit reader, but if anyone else does, perform the custom install to avoid the "extras" bundled with this software. I can't remember the specifics but I know I was offered an Ask.com product (can't remember if it was the toolbar or homepage change) and also a Foxit toolbar. However, other than these annoyances I really like Foxit when compared to Adobe and I don't need to worry about this vulnerability.

2.2K Posts

February 22nd, 2009 13:00

As always, thanks to the regulars here for bringing this problem to our attention, and how to deal with it. Some Adobe program or other has been wanting to update lately, but will ignore it for the time being.

2.5K Posts

February 22nd, 2009 19:00

According to what I have been able to find, this has been detected by Symantec since February 12, 2009. Adobe is promising a patch by March 11, 2009.

20.5K Posts

February 25th, 2009 09:00

Foxit Wants to Install Ask Toolbar
The Foxit pdf Reader took the freeware world by storm and became very popular. Compared to its rival the Adobe pdf reader, the Foxit Reader was a small download, fast to install, loaded fast and consumed less resources. Many people have switched to the Foxit Reader as a substitute to Adobe Reader. With the publicity over the current Adobe Reader vulnerability, one expects even more people are looking for a substitute. Now comes the news that Foxit reader too will include the Ask toolbar along with its installation!

...Foxit Reader has moved on from being a freeware to crippleware. While it has given the users to uncheck the 'install toolbar' option, on de-selecting this option, the app is crippled ! Apparently the $1/install has resulted in enticing the Foxit software developers to resort to this measure.

http://www.winvistaclub.com/s27.html

15.3K Posts

February 25th, 2009 10:00

Now THAT'S pitiful :emotion-9:
