A vulnerability has been revealed in Adobe Systems Inc’s Acrobat Reader software by researchers from Symantec Corp. and VeriSign Inc.’s iDefense Intelligence.
The flaw allows cyber-intruders to attack personal computers through trusted Web links. Web site’a hosting PSD (Portable Document Format) files are vulnerable to attacks ranging from the theft of cookies which track a user’s Web browsing history to the creation of harmful worms.
The flaw exists in a plug-in that enables Acrobat users to view PDF files within Web browsers. By manipulating the Web links to those documents it is possible to take control of the Acrobat software and run malicious code when users attempt to open the files.
The flaw appears to target Microsoft Corp’s Internet Explorer 6.0 Web browser and earlier versions, and Mozilla’s Firefox browser according to researchers. Users are advised to upgrade Internet Explorer or change Firefox’s user options so the browser does not use the Acrobat plug-in.