Secure yourself from the recent PDF exploits by disabling JavaScript

February 20th, 2009

A recent PDF exploit has been running wild across the internet for the past few days. Not unlike many other Adobe Acrobat exploits, this one relies on the fact that Acrobat and Acrobat Reader ship with JavaScript enabled by default. Shame on you, Adobe.

What is interesting about this exploit is that you do not even need to open the PDF; simply viewing a file listing in Windows Explorer causes the exploit to execute. Thankfully, there is a simple fix – disable Adobe Acrobat’s JavaScript engine.

To disable JavaScript, open Acrobat Reader, click on the Edit menu and select Preferences. In the Preferences window, select JavaScript from the left side and uncheck “Enable Acrobat JavaScript”. Press OK and you’re done.

For those of you who are administering a Windows domain network, doing this on each and every PC might be more difficult. Instead, make your lives easier by using a Group Policy Object to push a registry change out to all your machines.

I have created a registry file that will disable JavaScript on Acrobat Reader. Since I don’t know which versions are installed on each of the machines in the domain, I played it safe by adding the reg keys for the 4 latest versions of Acrobat Reader – 6.x, 7.x, 8.x and 9.x.

Download the registry file here
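The contents of the downloadable file are not reproduced on this page. As an added example (not the author's registry file), the PowerShell script below applies and audits the same kind of change for Reader 6.x through 9.x. It assumes the preference is the DWORD value `bEnableJS` under `HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs`, and the script and parameter names are hypothetical.

```powershell
# Added example, not the registry file from the post.
# Assumption: Reader 6.x-9.x keep the JavaScript preference in the DWORD
# value bEnableJS under HKCU:\Software\Adobe\Acrobat Reader\<version>\JSPrefs
# (0 = JavaScript disabled).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$Versions = @('6.0', '7.0', '8.0', '9.0'),
    [switch]$AuditOnly   # report the current state without changing it
)

$results = foreach ($version in $Versions) {
    $key = "HKCU:\Software\Adobe\Acrobat Reader\$version\JSPrefs"

    # Record the current value; $null means the key or value is absent.
    $before = $null
    if (Test-Path -Path $key) {
        $before = (Get-ItemProperty -Path $key -Name bEnableJS -ErrorAction SilentlyContinue).bEnableJS
    }

    if (-not $AuditOnly -and $before -ne 0) {
        if ($PSCmdlet.ShouldProcess($key, 'Set bEnableJS = 0')) {
            # Create the key only when missing, so existing values are kept.
            # Pre-creating it covers a version that is installed later.
            if (-not (Test-Path -Path $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            New-ItemProperty -Path $key -Name bEnableJS -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }

    # Read the value back so the report shows what is actually stored.
    $after = $null
    if (Test-Path -Path $key) {
        $after = (Get-ItemProperty -Path $key -Name bEnableJS -ErrorAction SilentlyContinue).bEnableJS
    }

    [pscustomobject]@{
        Version    = $version
        Before     = $before
        After      = $after
        JsDisabled = ($after -eq 0)
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool flag profiles that are not locked down.
if ($results | Where-Object { -not $_.JsDisabled }) { exit 1 }
```

Because the value lives under HKCU, it is per user: run the script as a logon script under the GPO's User Configuration so each profile gets the setting, and use `-AuditOnly` to check machines without changing them.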

Bryan Migliorisi, JavaScript

  1. Blood
    February 23rd, 2009 at 13:13 | #1
  2. February 23rd, 2009 at 13:20 | #2

    @Blood

    Thanks. Unfortunately, in many environments where you manage more than a few machines, it's very difficult to know which versions of any software are installed. Plus, it's good measure to lock things down preemptively.

  3. April 24th, 2009 at 14:29 | #3

    I read yesterday that people are starting to recommend using alternatives to Acrobat. I avoid Adobe wherever possible personally but get stuck with it sometimes at work. Sumatra is a free reader app for Windows that works quite well (and doesn’t phone home). Linux generally comes with its own.

    It has been my experience that very little good comes from JavaScript in a browser. Now I have to worry about it in Acrobat too.

    Bravo on the GPO/registry file!

  4. April 30th, 2009 at 19:34 | #4

    @leftystrat Thanks :) You can also try FoxIt, which is another free PDF reader for Windows.

    http://www.foxitsoftware.com/pdf/reader/

  5. Sean
    December 15th, 2009 at 07:58 | #5

    Thanks for the registry file and for including all current versions. I use PolicyMaker here and this makes it really simple to push the registry updates. Adobe’s security on this JavaScript stuff is just cheesecloth. Why we need yet another webpage when actually we need a secure way of passing documents eludes me at the moment.