Adobe Systems is investigating a report of a new vulnerability in Adobe Reader.
So far Adobe has not seen any attacks exploiting the vulnerability, though proof-of-concept code was posted publicly on the Full Disclosure mailing list earlier this week. The vulnerability can be exploited to trigger a denial of service. Arbitrary code execution could be possible, but has not been demonstrated.
Users of Adobe Reader 9.2 or later and 8.1.7 or later can use the JavaScript Blacklist Framework to prevent the issue by following the instructions on the Adobe Product Security Incident Response Team blog. Adobe Acrobat is not affected by the issue.
Adobe issued a warning about the bug Thursday, the same day as it released a massive security update for Adobe Flash Player. The update plugged nearly 20 vulnerabilities, including one, CVE-2010-3654, that had been targeted by attackers. Before that
Adobe said it will continue to provide updates on the situation as necessary.