Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a vulnerability affecting the following software versions:
- Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh
- Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and Unix
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows, Macintosh
Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition or take control of the affected system. Adobe also states that using Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this vulnerability. Adobe has indicated in their advisory that this vulnerability is being exploited in the wild.
UPDATE: Adobe has released an update to address these vulnerability in Adobe Security Bulletin APSB11-30 for the following software.
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows
- Adobe Reader 9.4.6 and earlier 9.x versions for Windows
US-CERT encourages users and administrators to review Adobe Security Bulletin ASPA11-04 and APSB11-30 for additional information. More information regarding this vulnerability can be found on the US-CERT vulnerability note VU#759307.
US-CERT will provide additional information as it becomes available.