Security researchers have published a piece of code designed to provide a workaround for a zero-day flaw in Adobe Reader 9 and Adobe Acrobat 9.
The vulnerability research team at Sourcefire, which provides open-source intrusion and prevention software, published a link to the 'homebrew', or unofficial, patch in its blog on Sunday. Adobe has said that it doesn't plan to make its own patch for the buffer-overflow flaw available until at least 11 March.
Sourcefire's Lurene Grenier, who made posted the blog entry, said the piece of code is a replacement .dll file for AcroRd32.dll. The code is designed to mitigate the effects of opening a malicious file.
"In the event that you do open a bad pdf file, you should see a pop-up with the phrase 'Insufficient data for an image' and nothing will show up," wrote Grenier. "Reader will go on living happily."
Grenier added the caveats that she had used only the Windbg debugger and "a crappy hex editor" to write the fix. She said the workaround would not prevent all attacks, and that "no warranty [was] expressed or implied" by making the fix available.
Sourcefire, the organisation behind the open-source Snort network intrusion prevention system (IPS), on Sunday also made IPS rules available for Snort subscribers, to mitigate the risk of infection.