US-CERT is aware of public reports of a vulnerability affecting Adobe Reader. Reports indicate that this vulnerability is due to an error in the 'getAnnots()' JavaScript function. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code. Adobe has indicated via a blog entry that they are aware of the reports and are investigating the issue.

US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk. To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, un-check Enable Acrobat JavaScript.

US-CERT will provide additional information as it becomes available.

Read more: US-CERT Current Activity