Adobe's challenges are two-fold going forward. First off, administrators don't necessarily want to disable JavaScript in an environment where the Web is prominent.

Users should disable JavaScript in Adobe’s Reader and Acrobat tools to protect themselves until a patch for a just-disclosed vulnerability is available, security experts said today.

If nothing else, JavaScript should be disabled by default in Adobe Reader.” Henceforth, Sophos has recommended all users to disable JavaScript in Adobe Acrobat and Reader by default.

"All currently supported shipping versions of Adobe Reader and Acrobat, [Versions] 9.1, 8.1.4 and 7.1.1 and earlier, are vulnerable to this issue," said David Lenoe, the company's security program ...