ITSS-Advisory : MEDIUM : Adobe : Acrobat and Reader : Arbitrary Code Execution

THREAT LEVEL
============
Medium.

INFORMATION
===========
On 01 May 2009, Adobe released a bulletin describing a vulnerability
in Adobe Reader and Adobe Acrobat. Accessing a specially crafted PDF
file could result in the application crashing, or arbitrary code
execution on an affected system.

More information is available at:
http://www.adobe.com/support/security/advisories/apsa09-02.html

AFFECTED PLATFORMS
==================
Computers of various operating systems running:
- Adobe Reader versions 9.1 and earlier
- Adobe Acrobat versions 9.1 and earlier

ACTION
======
Adobe states that updated products which fix the vulnerability will
be available by 12 May 2009. Until then, as mitigation, Adobe advises
disabling JavaScript in Adobe Reader and Adobe Acrobat.

Administrators of affected computers are advised to evaluate the
impacts and risks of implementing (and possibly later un-doing) the
mitigation measure suggested by Adobe.

Please refer to the bulletin from Adobe for details.