Dec 16 | 8:30 am (UTC-7) | by Roland Dela Paz (Threat Response Engineer)
Security researchers have unearthed a new vulnerability in both Adobe Acrobat and Reader. Adobe has acknowledged the vulnerability but has not yet made more specific details public. Researchers believe versions 9.2 and earlier of Adobe Acrobat and Reader are affected.
Trend Micro threat analysts have encountered several samples of malicious .PDF files (detected as TROJ_PIDIEF.PGT, TROJ_PIDIEF.PGS, and TROJ_PIDIEF.PGU) that exploit this vulnerability. Adobe has not yet been able to release a patch, but disabling JavaScript was found to serve as a suitable workaround.
To disable JavaScript, perform the following steps from within the concerned Adobe application:
- Click Edit then Preferences.
- In the left panel, choose JavaScript.
- In the right panel, uncheck Enable Acrobat JavaScript.
- Click OK.
Trend Micro product users are protected from this threat via the Smart Protection Network, which prevents the .PDF files from being downloaded onto users’ systems.
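The following is an added example, not code from the original post or from Trend Micro. Because the workaround is to disable JavaScript, a responder can also triage .PDF files for embedded script before they are opened. The name tokens come from the PDF format; the function names and both sample documents are constructed, and the check assumes the malicious files rely on embedded JavaScript, which the workaround implies but the post does not state.

```python
import re

# PDF name tokens that introduce script or auto-run actions (PDF format).
SUSPECT_NAMES = ("JS", "JavaScript", "OpenAction", "AA")

# A PDF name is "/" plus regular characters; "#xx" is a hex-escaped byte.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample inputs (not real samples, not from the post).
SAMPLE_SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
                   b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS (void 0;) >>\n"
                   b"endobj\n%%EOF\n")
SAMPLE_PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\n"
                b"endobj\n%%EOF\n")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so 'J#61vaScript' compares equal to 'JavaScript'."""
    decoded = HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count suspect names in the raw bytes of a file.

    Limits: compressed object streams are not inflated, and a name that
    appears inside a string is still counted, so treat this as triage only.
    """
    counts = {name: 0 for name in SUSPECT_NAMES}
    hex_escaped = 0
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if raw != name.encode("latin-1"):
                hex_escaped += 1  # suspect name was written with escapes
    return {"is_pdf": b"%PDF-" in data[:1024],
            "counts": counts, "hex_escaped": hex_escaped}


def needs_review(report: dict) -> bool:
    """Flag PDFs that carry a JavaScript action of any kind."""
    c = report["counts"]
    return report["is_pdf"] and (c["JS"] + c["JavaScript"]) > 0


if __name__ == "__main__":
    for label, blob in (("scripted", SAMPLE_SCRIPTED), ("plain", SAMPLE_PLAIN)):
        print(label, scan_pdf(blob), needs_review(scan_pdf(blob)))
```

A hit means the file contains script and should be examined before it is opened, not that it is malicious.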
Update as of December 16, 2009, 1:00 PM PST
Adobe has officially released a security advisory covering this threat. Adobe also announced that a patch for this problem will be released by January 12, 2010.
Update as of December 17, 2009, 4:26 AM PST
Trend Micro users who have OfficeScan with the Intrusion Defense Firewall (IDF) plugin are protected from any PDF exploit attacks as long as their systems are up to date with the latest IDF filters (IDF0937). For more details regarding this vulnerability, visit the security advisory we posted in our Threat Encyclopedia.




December 16th, 2009 at 3:18 pm
Thanks, Adobe. That was the last straw I needed to get rid of Acrobat.
Acrobat is an internet-connected piece of software, has great drive-by capabilities and has 10 serious holes in a year. It simply stinks. If the exploit isn't fixed within 24 hours, but four weeks, then that makes your computer a time bomb. Farewell, Acrobat.
December 29th, 2009 at 9:47 am
Dave, I agree with you. Acrobat and Reader are just short of malware. I am certainly looking to replace it in 2010 as much as I can.