Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products.
According to Adobe's advisory, the flaw "could potentially allow an attacker to take control of the affected system."
If you have Adobe Reader or Acrobat installed on your machine, this update should be treated with the highest possible priority because the vulnerability is being exploited in the wild.
The patch is available for all platforms. The affected products are:
- Adobe Reader 8.0 through 8.1.2
- Adobe Reader 7.0.9 and earlier
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier
Adobe Reader 7.1.0 and Acrobat 7.1.0 are not vulnerable to this issue.
From a separate SecurityFocus bulletin:
"Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
"An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users."