Adobe issued an advisory late last week on its PSIRT blog confirming the proof-of-concept denial-of-service exploit for the company’s Reader product that was recently posted on the Full Disclosure website. Adobe, which advised that the attack does not affect Acrobat, said that remote code execution may be possible using this method.
The issue affects Adobe Reader versions 9.2 and 8.1.7 and later for Windows and Mac, as well as version 9.2 and later for UNIX.
Adobe said it is not aware of any active exploits using this method against its Reader application. The software firm, which said it is still investigating the issue, has also provided guidance to mitigate against potential exploits using its JavaScript Blacklist Framework.