<div id="subtitle">Adobe zero-day</div><div><p>bWhat is it?/bbr /In December, yet another zero-day vulnerability surfaced in Adobe Reader and Acrobat and was the fourth zero-day in 2009 to affect these products.br /br /bHow does it work?/bbr /Apart from rendering PDF files, the programs also support the JavaScript for Acrobat API, which allows a PDF document to execute script in response to events. A so-called use-after-free error, where an object is referenced and used after having been deleted in memory, exists when executing the “Doc.media.newPlayer()” API method.br /br /bShould I be worried?/bbr /Yes. This allows an attacker to take control of the user's system and run malicious programs and malware when the user opens a malicious PDF document. br /br /bHow can I prevent it?/bbr /Until fixes are available to address this vulnerability [issued Jan. 12], users are highly encouraged to disable “Acrobat JavaScript” support (enabled by default) in Adobe Reader and Acrobat to prevent exploitation.br /br /– Carsten Eiram, chief security specialist, Secuniabr /</p><img src="http://admatch-syndication.mochila.com/images/ad.gif?aid=68563066&bid=informcom" /></div><div id="copyright"><div>

Copyright 2010  <a href="http://content.mochila.com/api/content/asset?assetID=2010-02-06:HaymarketMediaGroup/SCMagazines/THREAT_OF_THE_MONTH-76950/&uname=mochila_api&cert=d1ff44fd2ac969664ae05bf7687cc5d1&bpid=informcom">SC Magazine</a></div></div>