Adobe's challenges are two-fold going forward. First off, administrators don't necessarily want to disable JavaScript in an environment where the Web is prominent.

That “Bugtraq ID,” or BID number has been assigned to a second JavaScript vulnerability in Adobe’s Reader. Proof-of-concept attack code for both bugs has already been published on the Web.

Users should disable JavaScript in Adobe’s Reader and Acrobat tools to protect themselves until a patch for a just-disclosed vulnerability is available, security experts said today.

The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.

Security firm Sophos has urged Adobe to disable Javascript by default in its PDF products, Adobe Reader and Adobe Acrobat. Sophos believes that Adobe needs to 'overhaul its approach to building ...