Adobe Reader and Acrobat Issue update


This is an update on the Adobe Reader and Acrobat issue (CVE-2009-0658) discussed in Security Advisory APSA09-01. As mentioned previously, Adobe currently plans to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th. In addition, Adobe is also planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.
We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Keeping this in mind, should users choose to disable JavaScript, it can be accomplished following the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
In addition, Adobe continues its contact with Antivirus and Security vendors on this issue in order to ensure the security of our mutual customers. We are now able to report that the following Antivirus and Security vendors and related products provide protections and information regarding this vulnerability:
BitDefender has provided info that their customers using the following products are protected from attacks against this exploit:
• BitDefender Antivirus 2009:–BitDefender-Antivirus-2009.html
• BitDefender Internet Security 2009:–BitDefender-Internet-Security-2009.html
• BitDefender Total Security 2009:–BitDefender-Total-Security-2009.html
Check Point customers using Check Point Security Gateway products are protected from attacks exploiting this vulnerability, provided that the appropriate protection is activated. For more details and precise list of products, see
F-Secure Anti-Virus 2009:
F-Secure Internet Security 2009:
F-Secure Client Security:
F-Secure Online Scanner (free to use):
F-Secure Anti-Virus for Windows Servers:
F-Secure Internet Gatekeeper (Windows and Linux)
F-Secure Anti-Virus for MS Exchange:
F-Secure Secure Messaging Gateway:
Intrushield – Network IPS:
Microsoft Corporation products protecting against Exploit:Win32/Pidief and variants:
Microsoft Forefront Client Security
Microsoft Windows Live OneCare
Microsoft Windows Live OneCare safety scanner
Here is the list of Sophos products that protect in one way or another against exploits attempting to exploit the vulnerability:
Sophos Endpoint Security and Control – using HIPS buffer overflow protection and anti-malware protection engine.
Sophos Web Security Appliance –, using anti-malware protection engine and URL filtering.
Sophos PureMessage (all platforms) –, using anti-malware and anti-spam protection engines.
Norton Antivirus 2009 (and earlier supported version)
Norton Internet Security 2009 (and earlier supported version)
Norton 360
Symantec Endpoint Protection 11
Symantec AntiVirus 10 (and earlier supported version)
Symantec AntiVirus for CacheFlow Security Gateway
Symantec AntiVirus for Inktomi Traffic Edge
Symantec AntiVirus for NetApp Filer/NetCache
Symantec Mail Security for Domino v 5.x (and earlier supported version)
Symantec Mail Security for Microsoft Exchange v 5.x (and earlier supported version)
Symantec Mail Security for SMTP v 5.x (and earlier supported version)
Symantec Web Security 3.0 (and earlier supported version)
Symantec AntiVirus for Bluecoat Security Gateway
Symantec AntiVirus for Clearswift MIMESweeper
Symantec AntiVirus for Microsoft ISA Server
Symantec AntiVirus Scan Engine
Symantec AntiVirus for Linux
Symantec Brightmail Gateway


Users/Customers of Sourcefire, Snort and ClamAV are protected against this vulnerability.
Sourcefire 3D System
OpenSource Snort
Trend Micro:
Product link:
We will continue to provide updates on this issue via Adobe’s Security Advisory and the PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights


Posted on 02-24-2009