Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.
Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue.
These are the software versions affected:
Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Adobe recommends a temporary mitigation until a patch is available. Here are the instructions:
1. Launch Acrobat or Adobe Reader.
2. Select Edit > Preferences.
5. Click OK.
Or you can use an alternate PDF reader like Foxit, Sumatra, PDF-Xchange, CoolPDF or eXPert PDF.
F-Secure Labs posted screens showing that when the PDF file is opened in Adobe Acrobat/Reader, it attempts to download an executable file.