A zero-day vulnerability in all versions of Adobe Reader and Acrobat will not have a fix until March, Adobe has warned.
A successful exploit of a buffer overflow flaw in the PDF reader code could cause the applications to crash, the software maker said in an advisory released on Thursday. That could then allow a remote attacker to take control of an affected system.
Affected products include Adobe Reader 9 and Acrobat 9, as well as earlier versions. The company said it expected updates to be available for Adobe Reader 9 and Acrobat 9 by 11 March, with patches for earlier versions being made available "soon after".
Shadowserver Foundation, a security research organisation, reported on Thursday that the hole in Adobe Reader was being actively exploited in the wild, and that independent security researcher Matt Richard had performed an analysis of the exploit code.