Yet Another Adobe Bug
Posted: October 9th, 2009 | Author: xanda | Filed under: IT Related | Tags: 0day, acrobat, adobe, clientside, CVE-2009-3459, javascript, pdf | No Comments »Nothing much but YES to agree with Didier Stevens with his statement:
PDF + JS = OMG
Yerp.. there is another vulnerability (CVE-2009-3459) in Adobe Reader and Acrobat today (GMT +8) and so far it is still 0 day..
*panic panic* What to do?
- Disable JavaScript support in Adobe Reader and Acrobat
- Enable DEP (for Windows)
- Use NoScript
- Use alternative PDF reader like Foxit, Gnome Document Viewer, yada yada..
- Don’t be a lame by opening unknown PDF attachment