VULNERABILITY: Adobe Acrobat Reader accessing PDF documents in a browser

[Anne]

There is a problem with Adobe Acrobat Reader accessing PDF documents through a browser.  It affects all versions of Adobe Acrobat Reader prior to version 8 on all computers, including Microsoft Windows, Apple Mac OS X and Unix/Linux.

This problem allows an attacker to gain control of your computer.

Update Adobe Acrobat Reader to the latest version which is available free on the Adobe web site
http://www.adobe.com/products/acrobat/readstep2.html

The SANS Institute says:

A cross-site scripting flaw in Adobe Acrobat Reader 6.x and 7.x could allow attackers to cause malicious code to execute on vulnerable systems.  Users can protect their computers from attacks by upgrading to Adobe Acrobat Reader 8.0 or by applying workarounds, which include disabling displaying PDF documents in the web browser,  disabling JavaScript and filtering JavaScript in URLs.

Internet Storm Center Note: http://isc.sans.org/diary.php?storyid=1999
http://www.theregister.co.uk/2007/01/04/adobe_scripting_flaw/print.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007051&source=rss_topic17
http://www.kb.cert.org/vuls/id/815960
[Editor's Note (Honan): Adobe's security advisory on this issue is available at
http://www.adobe.com/support/security/advisories/apsa07-01.html in which Adobe state they aim to release a patch for this issue on version 7 sometime next week. There is good coverage on the issue at the Internet Storm Centre. Also according to this article this flaw can expose data on local disks
http://newsletters.zdnetuk.cneteu.net/t/172869/1833106/218791/0/]