Microsoft tool blocks attacks on Adobe Reader hole
On Friday, Microsoft published instructions on how to use the Enhanced Mitigation Experience Toolkit (EMET) to block the zero day hole in Acrobat Reader. Adobe has not yet published a patch itself, but recently added a link to Microsoft's instructions on its web site. Because of the lack of time, Adobe says it has not been able to test Microsoft's procedure fully, so recommends further testing in your own work environment.
Adobe has categorised the vulnerability as critical (CVE-2010-2883). It can reportedly cause systems to crash and allow attackers to get control of infected systems and the first reports of active exploits of the flaw have been published. For instance, last Thursday Trend Micro wrote that it had found infected files. The current version, 9.3.4, of Adobe Reader and Adobe Acrobat 9.3.4 for Windows, Mac and Unix are affected, as are earlier versions.
(crve)