Adobe warns of Reader, Acrobat bug

A security flaw in Adobe Systems' popular Acrobat and Reader applications could be used to shut down or hijack vulnerable PCs.

By crafting a malicious PDF file, a remote attacker could cause the applications to crash or possibly commandeer the target computer, Adobe said in a security advisory published on Tuesday. The San Jose, Calif.-based software maker has updates available to fix the problem.

The security issue affects Adobe Reader for Windows, Mac OS, Linux and Solaris and Adobe Acrobat for Windows and Mac OS, Adobe said. Security monitoring company Secunia rates the issue "highly critical," according to an advisory posted Tuesday.

The vulnerability is a so-called buffer overflow within a core application plug-in that is part of Adobe Acrobat and Adobe Reader, the company said. Adobe itself discovered the error, according to the advisory.

Buffer overflows are a commonly exploited security problem. They occur when a program allows data to be written beyond the allocated end of a buffer in memory. A computer can be made to execute potentially malicious code by feeding in extra data that is designed to flood over the buffer.