In a bulletin released October 22, 2007, Adobe announced a critical vulnerability in its Acrobat and Reader programs. This vulnerability could allow a successful attacker to take control of the affected system. In order for the attacker to compromise the system, they must get you to open a malicious file in Adobe Reader or Acrobat.
This vulnerability affects users running Windows XP or Windows 2003 with Internet Explorer 7 installed. Vista users are not affected. Adobe versions 8.1 and earlier are susceptible to this vulnerability. Adobe categorizes this as a critical issue and recommends that affected users update their product installations. [more]
For Adobe versions 8.1, Adobe strongly recommends that you upgrade to Adobe Reader 8.1.1 or Acrobat 8.1.1. Users can utilize the product’s automatic update feature or manually activate the update by choosing Help > Check for Updates Now from the program's menu. You can also find update files here:
• Adobe Acrobat: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
• Adobe Reader: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
For Adobe versions 7.09 or earlier, Adobe will release an update in the near future, so you should continue to check the Adobe support site for available updates.
For more information about this vulnerability, please refer to the following article on Adobe's website:
http://www.adobe.com/support/security/bulletins/apsb07-18.html
For help applying this critical security update to your Adobe applications, please contact us.