|Skip to Main Content|
  1. PROSPECTIVE STUDENTS
  2. CURRENT STUDENTS
  3. FACULTY & STAFF
  4. ALUMNI
  5. COMMUNITY & FRIENDS
 
  1. CAMPUS LINKS
    1. Inside UNCG
    2. Admissions
    3. Academics
    4. Libraries
    5. Administration
    6. Research & Centers
    7. International Programs
    8. Continuing Education
      & Outreach
    9. Technology
    10. Arts & Entertainment
    11. Employment
    12. Corporate Resources
    13. Giving to UNCG

Information Technology Services

Home » News » 2009 » February » Critical Adobe Vulnerability

ITS News

11 Nov 2009
Update: 6-TECH Online Service Restored
06 Nov 2009
Server maintenance for email delivery and some UNIX services
03 Nov 2009
Update: UNCGenie Service Restored
30 Oct 2009
Brief Unavailability for Windows-hosted Websites and Databases
28 Oct 2009
Multiple Services Unavailable - UPDATE

|More News...|

|Latest RSS News Feed for Information Technology Services|

Critical Vulnerability in Adobe Acrobat and Acrobat Reader

22 February 2009

FastFacts

  • Who: Faculty, Staff, and Students
  • What: Critical vulnerability announced for Adobe Acrobat and Acrobat Reader (all versions)
  • Client Action: See below

From Adobe Security Bulletin: Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

"A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on the Security Bulletins and Advisories page as soon as product updates are available."

UNCG Information Technology Services (ITS) recommends users perform the following actions, which may help prevent this vulnerability from being exploited: Disable JavaScript in Adobe Reader and Acrobat.

Acrobat JavaScript can be disabled in the General preferences dialog of Acrobat:

  1. Open the Edit menu
  2. Choose Preferences
  3. Choose JavaScript
  4. Uncheck "Enable Acrobat JavaScript"

Prevent Web Browser from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures your web browser to automatically open PDF files without any user interaction. This behavior
can be reverted to the safer option of prompting the user by performing the following steps:

Microsoft Windows:

  1. Open Adobe Acrobat Reader
  2. Open the Edit menu
  3. Choose the preferences option
  4. Choose the Internet section
  5. Uncheck the "Display PDF in browser" check box

Macintosh:

  1. Open Adobe Acrobat Reader
  2. Open the Adobe Reader menu
  3. Choose the preferences option
  4. Choose the Internet section
  5. Uncheck the "Display PDF in browser" check box

As a reminder, users should not access PDF documents from untrusted sources. Furthermore, users should not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments.

ITS will continue to update the UNCG Community as Adobe releases updates to fix this critical vulnerability.

If you have any questions about or difficulties with the patch, please contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.



 
Information Technology Services
The University of North Carolina at Greensboro
Greensboro, NC 27402-6170
Technical Support 336.256.TECH (8324)