Homemade PDF Patch Beats Adobe By Two Weeks

CWmike writes "Sourcefire security researcher Lurene Grenier has published a home-brewed patch for the critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks. Grenier posted the patch on Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees. Also, PhishLabs has created a batch file that resets a Windows registry key to de-fang the hack by disabling JavaScript in Adobe Reader 9.0, giving administrators a way to automate the process."

Re:Feature Request

[klossner]

Adobe did add this dialog -- but it only appears if you have disabled Javascript! (Which you can do with Edit / Preferences, no need for the registry hack.)

Here's the exact dialog:

? This document contains JavaScripts. Do you want to enable JavaScripts from now on? The document may not behave correctly if they're disabled.

[ ] Don't show this message again until this document is reopened

[[Yes]] [[No]]

Re:Registry hack

[initialE]

For myself I just used the REG.exe located inside the %system32% folder. in your logon script (assuming you have one), just add in the lines

REG add "HKCU\Software\Adobe\Acrobat Reader\9.0\JSPrefs" /v bConsoleOpen /t REG_DWORD /d 0 /f

REG add "HKCU\Software\Adobe\Acrobat Reader\9.0\JSPrefs" /v bEnableGlobalSecurity /t REG_DWORD /d 1 /f

REG add "HKCU\Software\Adobe\Acrobat Reader\9.0\JSPrefs" /v bEnableJS /t REG_DWORD /d 0 /f

REG add "HKCU\Software\Adobe\Acrobat Reader\9.0\JSPrefs" /v bEnableMenuItems /t REG_DWORD /d 0 /f

YMMV. REG.exe is not included on Windows 2000. Because this applies to the current user registry there should be no permissions issue. And make sure your path does include the system32 directory as by default.