Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4324 to the following vulnerability:

Name: CVE-2009-4324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
Assigned: 20091214
Reference: MISC: http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html

Unspecified vulnerability in Adobe Reader and Acrobat 9.2 and earlier has unknown impact and attack vectors, as exploited in the wild in December 2009.

An unconfirmed third-party posting [1] indicates this vulnerability is in the JavaScript processing, so a proposed work-around is to disable JavaScript (Edit -> Preferences -> JavaScript). This has not been officially confirmed by Adobe.

[1] http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214

Official bulletin, but no word on a fix yet. Confirmed as critical impact issue with a work-around (disable JavaScript): http://www.adobe.com/support/security/advisories/apsa09-07.html
We will prepare updates and issue an erratum to correct this issue once Adobe have released a fixed version of Acrobat reader. Please see Adobe blog and advisories for estimates of timeframes.
Updates fixing this flaw should be released by Adobe tomorrow, Jan 12: http://blogs.adobe.com/psirt/2010/01/pre-notification_-_quarterly_s_1.html http://www.adobe.com/support/security/bulletins/apsb10-02.html
Fixed now in 9.3 (and 8.2, which is only available for Windows and Macintosh, but is no longer supported on Unix platforms): http://www.adobe.com/support/security/bulletins/apsb10-02.html
This issue has been addressed in the following products: Extras for Red Hat Enterprise Linux 5 via RHSA-2010:0037 https://rhn.redhat.com/errata/RHSA-2010-0037.html
This issue has been addressed in the following products: Extras for RHEL 4 via RHSA-2010:0038 https://rhn.redhat.com/errata/RHSA-2010-0038.html
This issue has been addressed in the following products: Extras for RHEL 3 via RHSA-2010:0060 https://rhn.redhat.com/errata/RHSA-2010-0060.html