Vulnerability In Certain Versions of Adobe Acrobat and Adobe Reader May Cause Remote Code Execution
Discovery Date: Feb 19, 2009
Risk: Critical
Related Malware: TROJ_PIDIEF.IN
Affected Software:
- Adobe Acrobat Pro 9.0.0 and earlier versions
- Adobe Acrobat Pro Extended 9.0.0 and earlier versions
- Adobe Acrobat Standard 9.0.0 and earlier versions
- Adobe Reader 9.0.0 and earlier versions
Description:
A vulnerability has been found in versions 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the program(s) to crash, as well as allow a remote user to execute malicious code on an affected system.
Exploitation targets a flaw in a non-JavaScript function call; however, JavaScript is also used to successfully execute the malicious code. Disabling JavaScript will prevent code execution, but it will not prevent Adobe Acrobat/Reader from crashing.
Patch Information:
As of this time, no patch exists for this vulnerability. A patch for Adobe Acrobat and Adobe Reader version 9.0.0 is expected by March 11, 2009. Patches for earlier versions will follow.
Please consult the official Adobe security bulletin for details on these patches.
Workaround Fixes:
Steps to work around this vulnerability may be found at the US-CERT Technical Cyber Security Alert TA09-051A.


