New flaw in Adobe Reader / Acrobat 9.2 and earlier, no fixed version yet - Especially Important Security Flaw and Virus Information

Added 12/16
Security Advisory for Adobe Reader and Acrobat - Security bulletin


Customers using Adobe Reader or Acrobat versions 9.2 or 8.1.7 can utilize the JavaScript Blacklist Framework to prevent this vulnerability. Please refer to the TechNote for more information.

Customers who are not able to utilize the JavaScript Blacklist functionality can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK

Adobe Reader and Acrobat JavaScript Blacklist Framework Mitigation for Security Advisory - APSA09-07 - Adobe TechNote

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\JavaScriptPerms]
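So we are supposed to add this to the registry? (In the case of Reader 9.2)
I'll do that too, and also leave the 'Enable Acrobat JavaScript' option unchecked. (^-^;
Changes to behavior when running JavaScript (Acrobat/Adobe Reader 8-9 for Windows) - Adobe TechNote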

Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue.
December 15, 2009 - Planned release date for Adobe Reader and Acrobat update to resolve issue added

Security Advisory for Adobe Reader and Acrobat

So 2010/1/13 (Wed) is Microsoft Update / Adobe update day. φ(.. )
JVNVU#508357 Use-after-free vulnerability in Adobe Reader and Acrobat


Adobe Reader and Acrobat support JavaScript. The newplayer() method of the object contains a use-after-free vulnerability.


Adobe Reader/Acrobat "" Memory Corruption - Secunia Advisory:SA37690

A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in the implementation of the "" JavaScript method. This can be exploited to corrupt memory and execute arbitrary code via a specially crafted PDF file.

NOTE: This vulnerability is currently being actively exploited.

The vulnerability is reported in versions 9.2 and prior.

Use the JavaScript Blacklist functionality to block the affected method. Please see the vendor's advisory for more information.

Fixed versions will reportedly be available by January 12, 2010.

Added 12/21
Stepped on a PDF exploit. - The Back of Library's Flyer
Ugh! Kaspersky / Symantec / TrendMicro let it straight through? orz

Conclusion: from now on, disable the PDF JavaScript feature right from the start, as soon as the reader is installed.
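
The conclusion above, as an added PowerShell example (not from the original post or from Adobe): it reports, and with `-Disable` turns off, the per-user 'Enable Acrobat JavaScript' preference for every installed Reader/Acrobat version. It assumes the checkbox is stored as the DWORD `bEnableJS` under each version's `JSPrefs` key; it does not touch the `JavaScriptPerms` blacklist key, whose contents are not given on this page.

```powershell
# Added example, not Adobe's tooling. Assumption: the 'Enable Acrobat
# JavaScript' checkbox is stored per user as the DWORD bEnableJS under
# HKCU:\Software\Adobe\<product>\<version>\JSPrefs (absent = enabled).
param([switch]$Disable)   # without -Disable the script only reports

$products = 'Acrobat Reader', 'Adobe Acrobat'

foreach ($product in $products) {
    $root = "HKCU:\Software\Adobe\$product"
    if (-not (Test-Path $root)) { continue }

    # Version subkeys are named like 8.0 or 9.0; skip anything else.
    $versions = Get-ChildItem $root |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

    foreach ($version in $versions) {
        $prefs = "$root\$($version.PSChildName)\JSPrefs"

        if ($Disable) {
            # JSPrefs may not exist until the preference is first saved.
            if (-not (Test-Path $prefs)) {
                New-Item -Path $prefs -Force | Out-Null
            }
            New-ItemProperty -Path $prefs -Name bEnableJS -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }

        # Read the value back so the report shows what is actually stored.
        $current = $null
        if (Test-Path $prefs) {
            $current = (Get-ItemProperty -Path $prefs).bEnableJS
        }
        $state = 'enabled'
        if ($null -eq $current) {
            $state = 'enabled (value not set)'
        } elseif ($current -eq 0) {
            $state = 'disabled'
        }

        [pscustomobject]@{
            Product    = $product
            Version    = $version.PSChildName
            JavaScript = $state
        }
    }
}
```

Run it with Reader and Acrobat closed, then run it again without `-Disable` to confirm the value persisted for each version.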