[Steve]

Adobe has confirmed a bug in its Acrobat and Reader programs that would allow a malicious PDF file to attack and compromise a computer. It has not yet provided a patch, but it is has suggested a work-around whilst it prepares a fuller solution. The problem affects Windows XP users using Internet Explorer 7. It does not affect Windows Vista users. The underlying vulnerability also affects Mozilla and Skype users.

UK Security Researcher Petko Petkov reported on 21 September that Adobe Acrobat/Reader PDF documents can be used to compromise a Windows system. All it takes is to open a PDF document or stumble across a page [that] embeds one..

Adobe's work-around requires editing the Windows registry, not a straightforward task for most users, but it would protect against malicious PDF documents that exploit the "mailto:" URI (universal resource identifier) to trick users into downloading attack code. A Mailto: statement would launch the default e-mail client and then opens a
pre-addressed message when a link is clicked inside a Web browser.

Adobe has said it will update Adobe Reader 8.1 and Adobe Acrobat 8.1, as well as Adobe 3D, by the end of October.

In the meantime, be wary of unsolicited PDF files in your email or on web pages that you do not use regularly.

Adobe - Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat