Adobe Warns Of New Reader Vulnerability

Adobe has warned users of yet another Reader vulnerability capable of causing the software to crash and could lead to remote code execution.

The flaw was found in Adobe Reader 9.2 or later and 8.1.7 or later and was not found to affect the Adobe Acrobat tool.

The company said in a blog post that the flaw, which was publicly disclosed on the Full Disclosure list, is not yet known to have been exploited in the wild.

The flaw was disclosed on the Full Disclosure list as a proof-of-concept file demonstrating a Denial of Service attack.

“We plan to resolve this issue in the update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions scheduled for release during the week of 15 November, 2010,” the company said.

It also advised Reader users to utilise the JavaScript Blacklist Framework to prevent any exploitation of the flaw on their systems.

Adobe has said that it will provide further updates on the Adobe PSIRT blog and/or the Security Advisory section of the Adobe website when necessary.