As promised earlier this month, Adobe has shipped a fix for the URI protocol handling vulnerability that left a backdoor open on Windows XP machines with Internet Explorer 7 installed.
The patch, rated "critical," addresses multiple flaws in Adobe Reader and Acrobat that could allow an attacker to take complete control of a vulnerable system.
From Adobe's advisory:
"This issue only affects customers on Windows XP with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities."
It's important to note that this patch only applies to some versions of the software. For instance, there are no patches yet for Adobe Reader 7.0.9 and Acrobat 7.0.9. Adobe says those fixes will come "at a later date."
In the meantime, the temporary workaround is to disable the "mailto:" option in Acrobat, Acrobat 3D and Adobe Reader by modifying the application options in the Windows registry (see instructions here).
Microsoft is also planning to ship an update to address this issue.