A new vulnerability in Adobe’s Acrobat and Reader products is currently being exploited by attackers who send their targets a malicious PDF file via email.
This vulnerability affects versions 9.2 and earlier of Adobe Acrobat and Reader. According to Adobe, a patch for this vulnerability will not be available until January 12, 2010. For now, Adobe users can help protect themselves by disabling JavaScript in Acrobat and Reader. This can be done by clicking Edit -> Preferences -> JavaScript and unchecking the 'Enable Acrobat JavaScript' option. Alternative PDF viewers such as Foxit Reader are not vulnerable.
So far the attacks have been targeted, and we have not seen emails with PDFs exploiting this vulnerability being sent by any known botnet. The targeted PDF files contain an embedded executable file that is run by the exploit.
Expect this vulnerability to become more widespread as more people learn to exploit it and as web exploitation kits add it to their arsenal.
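Because the workaround is to disable JavaScript and the targeted files carry an embedded executable, a mail gateway can hold PDF attachments that declare either one until the patch ships. The Python triage check below is an added example, not code from Adobe or from the original post; the key list, the hold policy and the sample bytes are assumptions constructed for illustration. It reads raw bytes only, so keys inside compressed object streams are not seen.

```python
import re

# Name keys flagged in this example (the list is an assumption, not from the post).
SUSPECT_NAMES = ("JS", "JavaScript", "OpenAction", "AA", "EmbeddedFile", "Launch")

# A PDF name is "/" followed by bytes that are neither whitespace nor delimiters.
_NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples: one scripted file with an attachment, one plain file.
CONSTRUCTED_SCRIPTED = (
    b"%PDF-1.6\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nendobj\n"
)
CONSTRUCTED_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which PDF permits inside name objects."""
    decoded = _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count suspect name keys in raw PDF bytes (names are case-sensitive)."""
    counts = {name: 0 for name in SUSPECT_NAMES}
    for match in _NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def should_quarantine(data: bytes) -> bool:
    """Assumed policy: hold any PDF declaring JavaScript or an embedded file."""
    counts = triage_pdf(data)
    return any(counts[key] > 0 for key in ("JS", "JavaScript", "EmbeddedFile"))


if __name__ == "__main__":
    for label, sample in (("scripted", CONSTRUCTED_SCRIPTED), ("plain", CONSTRUCTED_PLAIN)):
        print(label, should_quarantine(sample), triage_pdf(sample))
```

A clean result here is not proof that a file is safe; it only means none of the listed keys appear in uncompressed form.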
The latest news from Adobe can be found here: http://blogs.adobe.com/psirt/2009/12/
More information on the targeted attacks can be found here: http://contagiodump.blogspot.com/2009/12/this-message-shows-that-adobe-zero-day.html