Unofficial Adobe Reader Patch Released
You might have read about a new vulnerability in Adobe Reader 9 and previous versions that is affecting all platforms and rated critical. The vulnerability can be used to crash an application and allow an attacker to take control of the computer system. Adobe announced plans to release the official patch for all affected products on March 11. That's more than two weeks after the patch has been acknowledged by them and a serious problem considering that there are reports that the vulnerability is already exploited.
Lurene Grenier, a security researcher at Sourcefire, has published an unofficial patch for Adobe Reader 9 that is installed on a computer running the Microsoft Windows operating system. The patch comes with no guarantees and involves the replacement of a dll file in the Adobe Reader directory. Users should make sure to backup the dll before replacing it to be prepared for eventualities. Windows users with previous Adobe Reader versions will have to upgrade to Adobe Reader 9 before they can apply the patch.
There is another recommendation (by US-CERT)which is helpful for users of other operating systems or Windows users who do not like the idea of replacing a dll on the computer system:
You might have read about a new vulnerability in Adobe Reader 9 and previous versions that is affecting all platforms and rated critical. The vulnerability can be used to crash an application and allow an attacker to take control of the computer system. Adobe announced plans to release the official patch for all affected products on March 11. That's more than two weeks after the patch has been acknowledged by them and a serious problem considering that there are reports that the vulnerability is already exploited.
Lurene Grenier, a security researcher at Sourcefire, has published an unofficial patch for Adobe Reader 9 that is installed on a computer running the Microsoft Windows operating system. The patch comes with no guarantees and involves the replacement of a dll file in the Adobe Reader directory. Users should make sure to backup the dll before replacing it to be prepared for eventualities. Windows users with previous Adobe Reader versions will have to upgrade to Adobe Reader 9 before they can apply the patch.
There is another recommendation (by US-CERT)which is helpful for users of other operating systems or Windows users who do not like the idea of replacing a dll on the computer system:
- <LI itxtvisited="1">Disabling Javascript in Adobe Reader by going to Edit > Preferences > JavaScript and unchecking enable Acrobat JavaScript. <LI itxtvisited="1">Preventing IE from automatically displaying PDFs. This can be done via a Registry tweak described on the US-CERT notification.
- Disable rendering of PDFs within web pages. This can be done from the Edit-Preferences menu in Adobe Reader.
