Users should disable JavaScript in Adobe's Reader and Acrobat tools to
protect themselves until a patch for a just-disclosed vulnerability is
available, security experts said today.
The advice is timely, as noted bug researcher and exploit maker HD Moore
confirmed that an exploit would be published to the open-source Metasploit
penetration testing framework within a day or two.
Shadowserver, a volunteer-run group that tracks vulnerabilities, was the
first to urge users to switch off JavaScript. "We have said it before and we
will say it again: Disable JavaScript," the group said in a Monday post to its
blog.