Adobe Reader Exploit Circulating

If you’re using Adobe Reader 8 or lower, you may be vulnerable to an exploit that is actively being used and reportedly cannot be detected by common antivirus applications. You should upgrade to Adobe Reader 9 immediately.

US-CERT is aware of public reports of active exploitation of a recent Adobe Reader vulnerability. This exploit appears to arrive in the form of a maliciously crafted PDF file and leverages the JavaScript buffer overflow vulnerability addressed in Adobe Security Bulletin APSB08-19. Successful exploitation may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Additionally, the reports indicate that this exploit is currently undetectable by common antivirus applications.

US-CERT encourages users and administrators to do the following to help mitigate the risk:

• Review Adobe Security Bulletin APS08-19 and update to Adobe Reader 9.
• Use caution when opening untrusted files.
• Install antivirus software and keep the virus signatures up to date.