On Monday, December 14, 2009, symantec became aware of a previously Un-Known Vulnerability affecting Adobe Reader and Acrobat 9.2 and Prior Versions. Attackers can Exploit the Issue to Execute Arbitrary Code by enticing a Vulnerable User into visiting a Malicious Web Site or Opening a Malicious File. This issue is being exploited In-The-Wild in Limited Attacks.
Users are advised to:
- Avoid following Web Links that originate from Un-Known or Un-Trusted Sources.
- Avoid Processing Files that originate from Un-Known or Un-Trusted Sources.
- Implement multiple redundant layers of security such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.
- Deploy Intrusion Detection to Monitor Network Traffic for Malicious Activity.
- Run all software as a Non-Privileged User with Minimal Access Rights.
Fore More Information, please see the following:
- New Adobe Reader and Acrobat Vulnerability.
- Adobe Acrobat, Reader and Flash Player Un-Specified Vulnerability.