Adobe has patched flaws in Acrobat that could have allowed an attacker to
take over a user’s system with an infected PDF attachment. Elizabeth Millard of Enterprise Security Today writes:

“Rated as ‘highly critical’ by security firm Secunia, the flaws were
contained in the way the software handled playback in Flash media from an
Adobe PDF file. ‘This had the potential to be bad, because so many people
use PDFs, and it’s considered a trusted document type,’ Secunia researcher
Thomas Kristensen told NewsFactor.

“Adobe noted that no customers have complained of incidents or attacks
because of the flaws. The flaws were first reported on late Tuesday by
security research firm iDefense, which noted that a format string
vulnerability in version 6.0.2 of Adobe Reader could let users create a file
containing malicious code.

“A user receiving an e-mail with a malicious PDF file, or with a link to such
a file, could fall victim to an attacker that had embedded code in the file.
The problems affected Adobe Acrobat and Adobe Reader versions 6.0 to 6.0.2
on both the Windows and the Macintosh OS X platforms. The Reader bug causes
the application to incorrectly parse .etd files used in eBook transactions,
which can allow a file containing special code in the ‘title’ or ‘base url’
fields to affect memory access.”

[Continue reading Adobe Patches Acrobat Vulnerabilities (via Yahoo! News)]