Adobe Systems Inc. has warned of two serious security flaws affecting Windows, Mac OS X and Unix versions of its Acrobat software. The bugs could allow an attacker to execute malicious code on a user"s system via a PDF file distributed via e-mail, according to security researchers. The first flaw affects Version 6.0.2 of Acrobat Reader, according to an advisory posted to the Bugtraq mailing list by security research firm iDefense, which discovered both bugs.
Reader incorrectly parses the .etd files used in eBook transactions so that an .etd file containing special code in the "title" or "baseurl" fields can cause an invalid memory access. This could allow the execution of malicious code with the privileges of the user, iDefense said. An attacker could exploit this bug by sending an e-mail message including either an attached PDF file or a link to the file.Earlier versions of Acrobat Reader 6 may also be vulnerable, and Adobe Acrobat may also be affected, iDefense said.