US-CERT Current Activity Adobe Reader JavaScript Function Vulnerability Original release date: April 28, 2009 at 12:34 pm Last revised: April 28, 2009 at 12:34 pm US-CERT is aware of public reports of a vulnerability affecting Adobe Reader. Reports indicate that this vulnerability is due to an error in the 'getAnnots()' JavaScript function. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code. Adobe has indicated via a blog entry that they are aware of the reports and are investigating the issue. US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk. To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, un-check Enable Acrobat JavaScript. US-CERT will provide additional information as it becomes available. Relevant Url(s): <http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html> ==== This entry is available at http://www.us-cert.gov/current/index.html#adobe_reader_javascript_function_vulnerability Produced 2009 by US-CERT, a government organization. Note: Posted according to copyright permissions of US-CERT (United States Computer Emergency Readiness Team) Purpose of Posting -- To help others keep their genealogy computers healthy.