If you haven’t heard already, there is a buffer overflow attack in the wild that exploits the fully-patched and latest versions of Adobe Acrobat and Adobe Reader, 8.3 and 9.0. The exploit can come in the form of opening a malicious or poisoned PDF file. You can read more about the specifics of the attack and how it works from an article at The Register. To summarize the problem, Javascript inside of a PDF can allow for code to be run on your computer. Variants of the exploit exist including one that installs a trojan virus and could allow a malicious user remote control over the computer.
Adobe plans to release a patch on March 11th to address the issue. In the meantime, to prevent the exploit from getting a foothold you can disable Acrobat JavaScript from within Adobe Reader and Acrobat. To do this go to Edit, Preferences… Then in the left-pane, navigate to JavaScript. The right-side of the window will update to JavaScript preferences. You should uncheck “Enable Acrobat JavaScript.” Even without this specific exploit, JavaScript should arguably be disabled anyways.
Fortunately for us, this setting is made in the registry. That means we can script it in any instance where we need to deploy this setting change through our enterprise environment.
If you open RegEdit and go to HKEY_CURRENT_USERSoftwareAdobeAdobe Acrobat9.0JSPrefs, you will see a value named bEnableJS. To disable JavaScript in Acrobat 9.0 set this to a value of 0. To Enable it, set it to a value of 1. Note: If you haven’t changed the JavaScript preferences for Acrobat yet, this key will not exists.
Execute this command on a computer or put it in a logon script to set this registry value and disable JavaScript in Adobe Acrobat 9.0.
reg add "HKCUSoftwareAdobeAdobe Acrobat9.0JSPrefs" /v bEnableJS /t REG_DWORD /d 0 /f
Adobe Reader 9.0
You will find similar changes to be made with Adobe Reader 9.0. Go to Edit, Preferences… Under JavaScript, disable Acrobat JavaScript by unchecking the box.
The value in the registry can be found at a similar path:
HKEY_CURRENT_USERSoftwareAdobeAcrobat Reader9.0JSPrefs
Set the value named bEnableJS to 0 to disable JavaScript.
Execute this command on a computer or put it in a logon script to set this registry value and disable JavaScript in Adobe Reader 9.0.
reg add "HKCUSoftwareAdobeAcrobat Reader9.0JSPrefs" /v bEnableJS /t REG_DWORD /d 0 /f
Thanks Adobe! Another reason we didn’t need JavaScript or Flash in our PDFs in the first place.