According to Adobe, the buffer overflow vulnerability lies within an unnamed core application plug-in that's part of both Acrobat and the free Reader. An attacker who creates a malicious PDF file and tricks a user into opening it could crash the application and possibly execute additional code to take control of the machine.
Windows, Mac, Linux, and Solaris editions of Acrobat and Reader are vulnerable to the flaw, Adobe said in its security advisory. New versions of Acrobat and Reader have been posted on the Adobe download site, although current users can also update from within the applications.
Because Adobe Reader is present on about 90 percent of desktops -- the free viewer makes it possible to open, read, and print files in the PDF format, a popular way to present documents on the Internet -- security vendors such as Secunia rated the vulnerability as "highly critical" and recommended that users update as soon as possible. U.S. CERT, the United States Computer Emergency Response Team, issued its own advisory and also advised users to "access PDF files from trusted or known sources [to reduce] the chances of exploitation."