ITSS-Advisory : HIGH : Adobe : Acrobat and Acrobat Reader : Arbitrary Code Execution

THREAT LEVEL
============
High. This vulnerability is being actively exploited. There is currently no
official fix for this vulnerability.

INFORMATION
===========
Adobe has announced a buffer overflow vulnerability in Acrobat and Acrobat Reader.
Accessing a specially crafted PDF file could result in arbitrary code execution
on an affected computer system.

More information is available at:
http://www.adobe.com/support/security/advisories/apsa09-01.html

AFFECTED PLATFORMS
==================
Computers of various operating systems running Adobe Acrobat and/or
Acrobat Reader, versions 9 and earlier.

ACTION
======
Please ask all users to assess the risks before accessing PDF files. Users
should not access unsolicited PDF files, or PDF files from unknown sources.

Adobe plans to release a fix for this vulnerability from 11 Mar 2009.

A post at Shadowserver claims that the exploit will not succeed if JavaScript
within Acrobat or Acrobat Reader is disabled. This claim has not been verified.
Please evaluate the consequences of implementing (and later possibly undoing)
this change. More information is available at:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221